How a Toronto-area police force helped take down a Russian-linked ransomware group
A Toronto-area police force is opening up about how it became involved in the international efforts to legally hack one of the most aggressive ransomware groups in the world.
The contributions by Peel Regional Police are one reason a Canadian flag is among the icons displayed on what used to be the dark website for the Russian-linked ransomware group Hive, along with the logos of the U.S. Department of Justice, the FBI, and a variety of police forces around the world.
Peel’s officers got involved early when a business in the area came to them in 2021, saying their systems were down and a text message on their desktops showed a ransom note, said Detective Const. Karim Hussain in an interview with CTV News Toronto.
“We had one of the first cases in Canada of Hive ransomware,” said Hussain. “It was the first to market. At the time we started gathering evidence, Hive was a fairly new ransomware group. Everything we brought to the table was interesting because no one had seen it before.”
Details of the case matched with other high-profile incidents, including a hospital in Louisiana where hackers accessed data on 270,000 patients, and a hospital in Ohio that was attacked and couldn’t accept new patients even as COVID-19 cases were surging.
Those were among more than 1,500 attacks worldwide that had the digital fingerprints of Hive, a group whose affiliates have netted some $150 million since 2021, police say, as they extort businesses for money in exchange for getting access to their data or their system back.
The attacks are done through a “ransomware as a service” model, meaning a small group of people design malicious software, and then share the tool with many others, rapidly scaling up their attacks before the security holes they exploit can be plugged.
“You have an overarching group that provides everything down to the infrastructure, to lesser-capable cyber criminals, and they provide them the tools to conduct the hack,” Hussain said.
The case brought Peel Police together with other forces wrestling with the impact of Hive, including the RCMP, the FBI, police in France, Germany, Norway, and Lithuania.
Earlier this year, the group struck back, taking control of Hive’s website and replacing it with a landing page bearing the logos of many investigating agencies.
“Simply put, using lawful means, we hacked the hackers,” said U.S. Deputy Attorney General Lisa Monaco in a press conference in January.
She added that the police discovered and then freely distributed decryptor keys that could help anyone who had been attacked recover their data or free their systems on their own.
FBI director Christopher Wray said those actions had stopped some $130 million in ransoms from being paid.
“This cut off the gas that is fueling Hive’s fire,” Wray said.
The investigation is still ongoing, said Hussain, as ransomware continues to surge. Statistics Canada reported that ransomware attacks amounted to 11 per cent of all cyber security incidents in 2021.
“There’s no end in sight to cybercrime right now,” Hussain said.
CTVNews.ca Top Stories
Canada sticking with 2050 net zero targets, but progress may come faster than expected, minister says
Natural Resources Minister Jonathan Wilkinson says the federal government is not ruling out finding ways to achieve net zero sooner than the existing 2050 goal, but would not say whether there would be a definitive commitment to move up the target.
Huda Mukbil, CSIS's first Black Arab-Canadian Muslim, spy opens up about her fight against terrorism and discrimination
Huda Mukbil, Canada's first Black Arab-Canadian Muslim spy, opens up in her new book about life in the world of espionage and the discrimination she faced within the CSIS.
Increase in mosquitoes 'a trend' across Canada this year. Here's why
Mosquitoes have always been pesky, but this spring it seems the bloodsuckers are thirstier than ever, a trend one expert says is increasing.
Four kids and one man drown after Quebec fishing accident: provincial police
A fishing excursion ended in tragedy on Saturday when four children died in a village in northeastern Quebec, provincial police said.
China rebukes U.S., Canadian navies for Taiwan Strait transit
China's military rebuked the United States and Canada for 'deliberately provoking risk' after the countries' navies staged a rare joint sailing through the sensitive Taiwan Strait.
What to know as Prince Harry prepares for court fight with British tabloid publisher
Prince Harry is set to testify in the first of his five pending legal cases largely centred around battles with British tabloids. Opening statements are scheduled Monday in his case.
Apple is expected to unveil a sleek, pricey headset. Is it the device VR has been looking for?
Apple appears poised to unveil a long-rumoured headset that will place its users between the virtual and real world, while also testing the technology trendsetter's ability to popularize new-fangled devices after others failed to capture the public's imagination.
Ukrainian president says at least 500 children killed by war
Ukrainian President Volodymyr Zelenskyy said Sunday that Russia's war, now in its 16th month, has killed at least 500 Ukrainian children.
Indian railways official says error in signalling system led to crash that killed 275 people
The derailment in eastern India that killed 275 people and injured hundreds was caused by an error in the electronic signalling system that led a train to wrongly change tracks and crash into a freight train, officials said Sunday.
Montreal
-
Four kids and one man drown after Quebec fishing accident: provincial police
A fishing excursion ended in tragedy on Saturday when four children died in a village in northeastern Quebec, provincial police said.
-
Evacuations in Val-d'Or, Que. due to nearby forest fires, poor air quality
The City of Val-d'Or in Quebec's Abitibi-Témiscamingue region announced an emergency evacuation of several areas Saturday evening due to two nearby forest fires.
-
Increase in mosquitoes 'a trend' across Canada this year. Here's why
Mosquitoes have always been pesky, but this spring it seems the bloodsuckers are thirstier than ever, a trend one expert says is increasing.
London
-
Museum London honours the Afzaal family with a new exhibit
On Saturday, Museum London launched a brand-new display honouring the Afzaal Family
-
WATCH
WATCH | Wind turbine blaze 'contained' north of Goderich, Ont.
Todd Edginton could hardly believe his eyes when he looked out his back door to find a wind turbine on fire. He wasn’t alone, as people stopped just north of Goderich to see the spectacle unfold.
-
Teen taken to hospital after being struck by driver
A skateboarding teenager was taken to hospital after being hit by a driver in west London, Ont. on Saturday afternoon.
Kitchener
-
'He knows this area, he’s been here before': Search continues for missing man last seen three weeks ago
It’s been three weeks since a 37-year-old man with down syndrome formerly from Waterloo region, went missing.
-
'Families are struggling': Day of action held in Kitchener
A day of action held across Ontario saw the Ontario Federation of Labour (OFL) taking aim at a number of issues impacting community members, such as the cost of living.
-
Northern Ontario
-
Currently 20 active forest fires in northeastern Ont.
There are 20 forest fires active in northeastern Ontario, including eight new confirmed fires reported Friday.
-
WATCH
WATCH | Wind turbine blaze 'contained' north of Goderich, Ont.
Todd Edginton could hardly believe his eyes when he looked out his back door to find a wind turbine on fire. He wasn’t alone, as people stopped just north of Goderich to see the spectacle unfold.
-
Here's what Nova Scotia's wildfires look like from outer space
Photos released by NASA taken from International Space Station show the immense scale of the wildfires in Nova Scotia, with billowing smoke engulfing the landscape.
Ottawa
-
The 40th CHEO Telethon is today
The 40th CHEO Telethon will be on CTV Ottawa from 1 p.m. to 7 p.m. Last year's CHEO Telethon raised a record $11.8 million.
-
Ottawa police investigating shots fired in Merivale area
Shots were fired on Kerry Crescent, near Clyde Avenue and Merivale Road, at around 1 a.m. Saturday.
-
Minor injuries in crash on Hawthorne Road that led to power outage
A driver suffered minor injuries in crash on Hawthorne Road early Sunday that led to a power outage later in the morning.
Windsor
-
Amherstburg, Ont. home destroyed after vehicle collides into residential gas line, says fire chief
A vehicle crash in Amherstburg has completely destroyed a home — and the driver has been hospitalized with severe burns.
-
Rental scam discovered after multiple families respond to ad for rental home
A 43-year-old Lasalle woman has been arrested in connection to a home rental scam.
-
Windsor man charged with attempted murder after east end shooting
Multiple charges have been laid against a 40-year-old Windsor, Ont. man after he allegedly shot another man during an argument on Friday night.
Barrie
-
OPP launch homicide investigation in Collingwood
Provincial police in Collingwood are investigating a homicide after a late-night disturbance.
-
Five injured in multi-vehicle crash in Crooked Bay
Five people are in hospital after a multi-vehicle crash in Crooked Bay on Saturday.
-
Labour councils host ‘Enough is Enough’ rallies in Barrie and Orillia
The Ontario Federation of Labour rallied across the province on Saturday, including in Barrie and Orillia.
Atlantic
-
Shelburne County, N.S., gets much needed rainfall as wildfire continues
Shelburne County, N.S., received its first bout of rainfall since the record-breaking wildfire, which now covers approximately 250 square kilometres.
-
One person dies, two others in hospital after three-vehicle crash in Springfield, P.E.I.: RCMP
One person has died and two others are in hospital with serious injuries after a three-vehicle collision in Springfield, P.E.I.
-
Canadian soldiers, American firefighters now battling blazes in Nova Scotia
Canadian soldiers and firefighters from abroad are now on the ground helping to extinguish wildfires burning in several parts of Nova Scotia for the past week.
Calgary
-
Boil water advisory lifted for Silverado, remains in place for Yorkville and Belmont
A boil water advisory was lifted for the southwest Calgary community of Silverado Saturday night, but remains in effect for the communities of Yorkville and Belmont.
-
Alberta state of emergency to expire Sunday: Officials
As of midnight Saturday, Alberta will no longer be under a provincial state of emergency.
-
With oil prices slumping, OPEC+ producers weigh more production cuts
The major oil-producing countries led by Saudi Arabia and Russia are wrestling with whether to make another cut in supply to the global economy as the OPEC+ alliance struggles to prop up sagging oil prices that have been a boon to U.S. drivers and helped ease inflation worldwide.
Winnipeg
-
'Such a proud day': Red River Metis vote on historic modern-day treaty
It was a historic day in Manitoba. From across Canada, an estimated 4,000 Manitoba Metis Federation (MMF) citizens showed up in person or online for an extraordinary general assembly.
-
Three teens arrested in connection to multiple St. Vital bear spray attacks
Three teenagers face robbery and assault charges after a pair of bear spray attacks in St. Vital Thursday evening.
-
'Extremely generous': Viral social media post gets Winnipeg man free wings for a year
Winnipegger Howie Prociuk was on a father/son trip south of the border to see the Toronto Blue Jays take on the Minnesota Twins in Minneapolis last month, when a funny thought occurred to him.
Vancouver
-
Toddler nearly drowns in Cultus Lake
A young boy has been hospitalized after falling into Cultus Lake earlier this week.
-
BASE jumper rescued from Stawamus Chief after crashing into cliff
A BASE jumper was rescued from a ledge after he crashed on the Stawamus Chief Saturday morning.
-
2 arrested, 2 knives seized after attempted robbery near Metrotown SkyTrain station: RCMP
Two people are in custody after a report of an assault with a weapon near the Metrotown SkyTrain station Saturday morning, Burnaby RCMP say.
Edmonton
-
Alberta state of emergency to expire Sunday: Officials
As of midnight Saturday, Alberta will no longer be under a provincial state of emergency.
-
'Some hugs and some paint': Local artists rally around painter after fire destroys artwork
A local artist is starting from scratch after a fire burnt down his garage with his supplies and artwork inside.
-
Young Master Club celebrates 16 years with Taekwondo demonstration
The Young Master Club celebrated its 16th anniversary with a Taekwondo festival at the Alberta Avenue Community League, where students showcased their techniques.