Various police services, including the Dutch police, have taken the servers of ransomware Hive offline in a joint action. They have also obtained decryption keys that allow victims to regain access to their data.
Hive has made 1500 victims in the past few years, Europol reports. In order to locate the servers, the police not only analyzed the malware, but also scrutinized payments in cryptocurrencies and checked against data in Europol’s databases. The services say that more actions based on this investigation may follow.
Police services in 13 countries were involved in the action. In addition to the Netherlands, these included services in the US, UK, Spain, Sweden, Latvia, Norway, Germany and France. It is unknown what the role of those individual services has been.
The most famous victim of the Hive ransomware in the Netherlands is MediaMarkt, which suffered the attack in November 2021. In the US, Hive was responsible for attacks on hospitals, among other things.