How a Toronto-area police force helped take down a Russian-linked ransomware group
A Toronto-area police force is opening up about how it became involved in the international efforts to legally hack one of the most aggressive ransomware groups in the world.
The contributions by Peel Regional Police are one reason a Canadian flag is among the icons displayed on what used to be the dark website for the Russian-linked ransomware group Hive, along with the logos of the U.S. Department of Justice, the FBI, and a variety of police forces around the world.
Peel’s officers got involved early when a business in the area came to them in 2021, saying their systems were down and a text message on their desktops showed a ransom note, said Detective Const. Karim Hussain in an interview with CTV News Toronto.
“We had one of the first cases in Canada of Hive ransomware,” said Hussain. “It was the first to market. At the time we started gathering evidence, Hive was a fairly new ransomware group. Everything we brought to the table was interesting because no one had seen it before.”
Details of the case matched with other high-profile incidents, including a hospital in Louisiana where hackers accessed data on 270,000 patients, and a hospital in Ohio that was attacked and couldn’t accept new patients even as COVID-19 cases were surging.
Those were among more than 1,500 attacks worldwide that had the digital fingerprints of Hive, a group whose affiliates have netted some $150 million since 2021, police say, as they extort businesses for money in exchange for restoring access to their data or systems.
The attacks are done through a “ransomware as a service” model, meaning a small group of people design malicious software, and then share the tool with many others, rapidly scaling up their attacks before the security holes they exploit can be plugged.
“You have an overarching group that provides everything down to the infrastructure, to lesser-capable cyber criminals, and they provide them the tools to conduct the hack,” Hussain said.
The case brought Peel Police together with other forces wrestling with the impact of Hive, including the RCMP, the FBI, and police in France, Germany, Norway, and Lithuania.
Earlier this year, the group of agencies struck back, taking control of Hive’s website and replacing it with a landing page bearing the logos of many investigating agencies.
“Simply put, using lawful means, we hacked the hackers,” said U.S. Deputy Attorney General Lisa Monaco in a press conference in January.
She added that the police discovered and then freely distributed decryptor keys that could help anyone who had been attacked recover their data or free their systems on their own.
FBI director Christopher Wray said those actions had stopped some $130 million in ransoms from being paid.
“This cut off the gas that is fueling Hive’s fire,” Wray said.
The investigation is still ongoing, said Hussain, as ransomware continues to surge. Statistics Canada reported that ransomware attacks amounted to 11 per cent of all cyber security incidents in 2021.
“There’s no end in sight to cybercrime right now,” Hussain said.