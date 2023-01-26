Peel police announced that the HIVE ransomware group website has been dismantled thanks to a collaborated effort of law enforcement authorities in several countries including Canada.

“After a multi-year cross-border investigation into numerous cyber-attacks against governments, businesses, and individuals in the United States, Europe, and Canada, an international law enforcement operation involving 12 countries has resulted in an infrastructure takedown and domain seizure of the HIVE ransomware group,” Peel police said in a news release.

This technical achievement follows a complex investigation involving law enforcement authorities from Canada, France, Germany, Netherlands, Lithuania, Portugal, Romania, Spain, Sweden, Norway, the United Kingdom, and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3).

Since the fall of 2021, at least 71 Canadian businesses and organizations have been victimized by the HIVE ransomware criminal group, resulting in lost productivity and financial impact, the news report said.

On Sunday, November 7, 2021, a business in the Region of Peel fell victim to a ransomware attack whereby their entire computer network was rendered inoperable and a significant amount of data was compromised, the police report read. The suspects identified themselves as the HIVE Ransomware Group and demanded payment in Bitcoin (BTC) to decrypt the compromised data. The victim did not pay the ransom, restoring their data via backups, a critical line of defense against ransomware attacks, and contacted police.

Investigators from Peel Regional Police Technical Crime Services commenced Project Nectar in May 2022 in collaboration with the National Cybercrime Coordination Centre (NC3) into the disruption and dismantling of the HIVE ransomware group infrastructure. Peel police conducted a separate, parallel investigation alongside the Federal Bureau of Investigation (FBI), Europol, and the Joint Cybercrime Action Taskforce (J-CAT).

Cybercrime attacks committed by these threat actors access secure computer systems for financial gain, political reasons, thrill-seeking, or notoriety. A breached computer system would also allow the criminals to infect the computer with a virus, which could disrupt or destroy the victim’s technical infrastructure. The secure information can also be stolen from the breached computer system and sold on a black market for a significant amount.

“Ransomware underscores the borderless nature of cybercrime and the need for domestic and international law enforcement coordination,” said RCMP’s Director General of the National Cybercrime Coordination Centre and Canadian Anti-Fraud Centre, Chris Lynam. “This operational success can be attributed to police services in multiple countries coming together with a common purpose and the initiating action of victims reporting incidents to police. Reporting instances, whether a victim or not, is essential to enabling law enforcement action and identifying linkages.

If you suspect that you may have been the victim of a cybercrime attack, report it to police. Anyone with information on this incident, is asked to contact investigators at 905-453-2121 extension 3394. Anonymous information may also be submitted by calling Peel Crime Stoppers at 1-800-222-TIPS (8477), by visiting peelcrimestoppers.ca.