FBI Infiltrates Hive Ransomware Ring, Thwarting Over $130 Million in Crypto Ransom Demands

Federal prosecutors have taken down Hive, a notorious ransomware group, while preventing $130 million in demands from being paid.

A man wearing an FBI vest smiles at an anonymous person within a hive background
  • The FBI has taken down the server of the ransomware group Hive while preventing $130 million in ransom demands.
  • Hive has operated since 2021, targeting hospitals, schools, and financial institutions.
  • The U.S. Department of State is offering $10 million up to $10 million for information on the group.

The United States Department of Justice (DOJ) has announced that the Federal Bureau of Investigation (FBI) has seized the website and thwarted over $130 million in crypto demands from the notorious ransomware group, Hive.

Over 1,500 Victims Attacked by Hive

According to reports, the Hive ransomware group used affiliates to target over 1,500 hospitals, schools, and banks in over 80 countries. The group has amassed over $100 million from its victims since 2021.

Hive created malware that would encrypt computer systems after affiliates stole sensitive documents. The affiliates would demand ransom for both the data and a decryption key.


The report states that Hive attacked a Midwestern hospital disrupting care amid the COVID-19 pandemic. The hospital was forced to pay a ransom before treating its patients online.

Hacking the Hacker

The Justice Department said that it began infiltrating the group in July 2022. FBI agents, including those in the Orlando office, penetrated Hive’s computer networks and performed a “21st-century high-tech cyber stakeout.”

In the Hive system, the operatives collected decryption keys for victims under attack by Hive. FBI agents provided over 1,300 decryption keys to help victims recover their data and systems from Hive.


In acting before payments were made to Hive, the FBI prevented victims from being forced to pay approximately $130 million in ransoms to Hive affiliates.

After six months of operating from within, the DOJ announced on Thursday, January 26th, that the FBI and international partners in Germany and the Netherlands had successfully taken down Hive’s infrastructure and seized their servers.

Ransomware Payments Exceeded $130 Million

While the FBI thwarted $130 million in crypto-ransomware, the notorious organization had extorted more from institutions. 

According to FBI Director Chris Wray, only about 20% of Hive’s victims reported the ransomware attacks to law enforcement agencies.

To achieve a better outcome, the Justice Department has urged individuals and institutions to alert investigators to potential attacks in real-time.

U.S. Opens Bounty for Hive Affiliates

Federal prosecutors do not plan to stop taking down Hive’s servers. The Department of State today offered up to $10 million for information that could help track down the ransomware group. 

The State Department’s Rewards for Justice Twitter account has called on members of the public with information to reach them “on Signal, Telegram, WatshApp, or via our Tor-based tip line.”

On the Flipside

  • The FBI has not made any arrests concerning Hive’s illicit activities, but prosecutors say the investigation is active and ongoing.

Why You Should Care

The Justice Department has noted that it will spare no resources to bring to justice the perpetrators of the increasingly frequent ransomware attacks across the United States.

Find more on ransomware attack culprits in:
Russia Linked to Nearly 75% of Ransomware Attacks, New Report Finds

Like ransomware attacks, phishing is also on the rise. Read more below:
Crypto Phishing Scams Likely Coming as Hacker Leaks Emails of 235M Twitter Users

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia