Takedown of major ransomware group a huge victory, say Mississauga and Brampton cops


Published January 26, 2023 at 1:32 pm

A major international ransomware group that’s targeted numerous businesses in Mississauga, Brampton and around the world has been dismantled after a sweeping operation by police in a dozen countries dating back almost two years.

Peel Regional Police, the lead Canadian law enforcement agency in the “complex investigation” that involved the FBI and numerous other international authorities, say they became involved after a Peel business was targeted by the notorious HIVE ransomware group in November 2021.

Peel cops didn’t reveal the name or nature of the business, nor did they say if it is located in Mississauga or Brampton.

They did say the Peel business is one of at least 71 Canadian businesses and organizations to be victimized by the HIVE ransomware criminal group since fall 2021. Police didn’t say how many of the victims are in Mississauga and Brampton.

According to Peel police, the local business was targeted by the hacker group on Nov. 7, 2021.

The business “…fell victim to a ransomware attack whereby their entire computer network was rendered inoperable and a significant amount of data was compromised,” police said, adding the group responsible identified itself as the HIVE ransomware group and demanded payment in Bitcoin to decrypt the compromised data.

The targeted business did not pay the ransom, police said, opting instead to restore its data via backups, “a critical line of defence against ransomware attacks,” and contact police.

In the larger picture, police say, the HIVE group was aggressively investigated the last several years by law enforcement agencies for its numerous cyber attacks against governments, businesses and individuals in the United States, Europe and Canada.

The massive police operation involved law enforcement from Canada, France, Germany, Netherlands, Lithuania, Portugal, Romania, Spain, Sweden, Norway, the United Kingdom and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3).

The end result this week was “…an infrastructure takedown and domain seizure of the HIVE ransomware group,” Peel police said.

The dozens of victims since 2021 suffered lost productivity and an undisclosed financial impact, authorities say.

“This infrastructure takedown will prevent further victimization of the Canadian public and businesses by this criminal operation,” Peel police said in a news release.

In May of 2022, the Peel Regional Police Technical Crime Services unit launched Project Nectar in collaboration with the National Cybercrime Coordination Centre.

The probe was initiated in an effort to disrupt and dismantle the HIVE ransomware group infrastructure, according to Peel police, who described the undertaking as “a separate, parallel investigation” alongside the FBI, Europol and the international Joint Cybercrime Action Taskforce.

Peel police brass say the cybercrime attacks committed by such organized groups access secure computer systems for financial gain, political reasons, thrill-seeking and notoriety.

A breached computer system also allows criminals to infect the computer with a virus, which could disrupt or destroy the victim’s technical infrastructure. The secure information can also be stolen from the breached computer system and sold on a black market for a significant amount of money, police say.

Peel police Deputy Chief Nick Milinovich said such multi-jurisdictional, international police investigations “are making significant progress in disrupting and dismantling sophisticated, global cybercriminal enterprises.”

He added that working together with national and international policing partners allows them to “leverage the very best intelligence data to hold accountable those threat actors that victimize our communities.”

The HIVE hacker group brought in more than $100 million from attacks on more than 1,300 companies worldwide from June 2021 to November 2022, according to a joint report from several U.S. agencies, including the FBI.

The targets were varied in nature and included healthcare facilities, a huge oil refinery in Romania and a wide range of businesses and critical infrastructure sectors including government facilities, manufacturing, IT and more.

insauga's Editorial Standards and Policies advertising