International ransomware group busted by cops targeted Mississauga, Brampton businesses
Published January 30, 2023 at 10:18 am
Five businesses in Mississauga and Brampton were among dozens across Canada and countless others around the world targeted by a major international ransomware group busted late last week in the midst of a 12-country police investigation.
A Mississauga technology sector company was targeted by the notorious HIVE ransomware group in November 2021, prompting Peel Regional Police to become involved in the sweeping international probe that also includes law enforcement agencies in the United States and throughout Europe.
The massive ongoing investigation, which began nearly two years ago, led to the dismantling last week of HIVE.
A Peel police spokesperson said in an email to insauga.com that no arrests have yet been made in the huge operation as “this phase of the investigation was focused on seizing control of the HIVE ransomware group’s computer infrastructure in order to prevent further victimization and disrupt their criminal operation.”
The spokesperson added that “the investigation is continuing and any arrests are pending” and there “is no timetable on any potential arrests.”
Peel police are the lead Canadian law enforcement agency in the “complex investigation” that also involves the FBI and numerous other international authorities.
They said the five Peel businesses targeted are among at least 71 Canadian businesses and organizations to be victimized by the HIVE ransomware criminal group since fall 2021.
According to Peel police, the Mississauga technology business, which they aren’t naming, was targeted by the hacker group on Nov. 7, 2021.
The business “…fell victim to a ransomware attack whereby their entire computer network was rendered inoperable and a significant amount of data was compromised,” police said, adding the group responsible identified itself as the HIVE ransomware group and demanded payment in Bitcoin to decrypt the compromised data.
The targeted business did not pay the ransom, police said, opting instead to restore its data via backups, “a critical line of defence against ransomware attacks,” and contact police.
In the larger picture, police say, the HIVE group was aggressively investigated the last several years by law enforcement agencies for its numerous cyber attacks against governments, businesses and individuals in the United States, Europe and Canada.
The massive police operation involved law enforcement from Canada, France, Germany, Netherlands, Lithuania, Portugal, Romania, Spain, Sweden, Norway, the United Kingdom and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3).
The end result last week was “…an infrastructure takedown and domain seizure of the HIVE ransomware group,” Peel police said.
The dozens of victims since 2021 suffered lost productivity and an undisclosed financial impact, authorities say.
“This infrastructure takedown will prevent further victimization of the Canadian public and businesses by this criminal operation,” Peel police said in a news release last week.
In May of 2022, the Peel Regional Police Technical Crime Services unit launched Project Nectar in collaboration with the National Cybercrime Coordination Centre.
The probe was initiated in an effort to disrupt and dismantle the HIVE ransomware group infrastructure, according to Peel police, who described the undertaking as “a separate, parallel investigation” alongside the FBI, Europol and the international Joint Cybercrime Action Taskforce.
Peel police brass say the cybercrime attacks committed by such organized groups access secure computer systems for financial gain, political reasons, thrill-seeking and notoriety.
A breached computer system also allows criminals to infect the computer with a virus, which could disrupt or destroy the victim’s technical infrastructure. The secure information can also be stolen from the breached computer system and sold on a black market for a significant amount of money, police say.
Peel police Deputy Chief Nick Milinovich said last week that such multi-jurisdictional, international police investigations “are making significant progress in disrupting and dismantling sophisticated, global cybercriminal enterprises.”
He added that working together with national and international policing partners allows them to “leverage the very best intelligence data to hold accountable those threat actors that victimize our communities.”
The HIVE hacker group brought in more than $100 million from attacks on more than 1,300 companies worldwide from June 2021 to November 2022, according to a joint report from several U.S. agencies, including the FBI.
The targets were varied in nature and included healthcare facilities, a huge oil refinery in Romania and a wide range of businesses and critical infrastructure sectors including government facilities, manufacturing, IT and more.