How a Toronto-area police force helped take down a Russian-linked ransomware group
A Toronto-area police force is opening up about how it became involved in the international efforts to legally hack one of the most aggressive ransomware groups in the world.
The contributions by Peel Regional Police are one reason a Canadian flag is among the icons displayed on what used to be the dark website for the Russian-linked ransomware group Hive, along with the logos of the U.S. Department of Justice, the FBI, and a variety of police forces around the world.
Peel’s officers got involved early when a business in the area came to them in 2021, saying their systems were down and a text message on their desktops showed a ransom note, said Detective Const. Karim Hussain in an interview with CTV News Toronto.
“We had one of the first cases in Canada of Hive ransomware,” said Hussain. “It was the first to market. At the time we started gathering evidence, Hive was a fairly new ransomware group. Everything we brought to the table was interesting because no one had seen it before.”
Details of the case matched with other high-profile incidents, including a hospital in Louisiana where hackers accessed data on 270,000 patients, and a hospital in Ohio that was attacked and couldn’t accept new patients even as COVID-19 cases were surging.
Those were among more than 1,500 attacks worldwide that had the digital fingerprints of Hive, a group whose affiliates have netted some $150 million since 2021, police say, as they extort businesses for money in exchange for getting access to their data or their system back.
The attacks are done through a “ransomware as a service” model, meaning a small group of people design malicious software, and then share the tool with many others, rapidly scaling up their attacks before the security holes they exploit can be plugged.
“You have an overarching group that provides everything down to the infrastructure, to lesser-capable cyber criminals, and they provide them the tools to conduct the hack,” Hussain said.
The case brought Peel Police together with other forces wrestling with the impact of Hive, including the RCMP, the FBI, police in France, Germany, Norway, and Lithuania.
Earlier this year, the group struck back, taking control of Hive’s website and replacing it with a landing page bearing the logos of many investigating agencies.
“Simply put, using lawful means, we hacked the hackers,” said U.S. Deputy Attorney General Lisa Monaco in a press conference in January.
She added that the police discovered and then freely distributed decryptor keys that could help anyone who had been attacked recover their data or free their systems on their own.
FBI director Christopher Wray said those actions had stopped some $130 million in ransoms from being paid.
“This cut off the gas that is fueling Hive’s fire,” Wray said.
The investigation is still ongoing, said Hussain, as ransomware continues to surge. Statistics Canada reported that ransomware attacks amounted to 11 per cent of all cyber security incidents in 2021.
“There’s no end in sight to cybercrime right now,” Hussain said.
CTVNews.ca Top Stories
Widow looking for answers after Quebec man dies in Texas Ironman competition
The widow of a Quebec man who died competing in an Ironman competition is looking for answers.
Tom Mulcair: Park littered with trash after 'pilot project' is perfect symbol of Trudeau governance
Former NDP leader Tom Mulcair says that what's happening now in a trash-littered federal park in Quebec is a perfect metaphor for how the Trudeau government runs things.
World seeing near breakdown of international law amid wars in Gaza and Ukraine, Amnesty says
The world is seeing a near breakdown of international law amid flagrant rule-breaking in Gaza and Ukraine, multiplying armed conflicts, the rise of authoritarianism and huge rights violations in Sudan, Ethiopia and Myanmar, Amnesty International warned Wednesday as it published its annual report.
Photographer alleges he was forced to watch Megan Thee Stallion have sex and was unfairly fired
A photographer who worked for Megan Thee Stallion said in a lawsuit filed Tuesday that he was forced to watch her have sex, was unfairly fired soon after and was abused as her employee.
Amid concerns over 'collateral damage' Trudeau, Freeland defend capital gains tax change
Facing pushback from physicians and businesspeople over the coming increase to the capital gains inclusion rate, Prime Minister Justin Trudeau and his deputy Chrystia Freeland are standing by their plan to target Canada's highest earners.
U.S. Senate passes bill forcing TikTok's parent company to sell or face ban, sends to Biden for signature
The Senate passed legislation Tuesday that would force TikTok's China-based parent company to sell the social media platform under the threat of a ban, a contentious move by U.S. lawmakers that's expected to face legal challenges.
Wildfire southwest of Peace River spurs evacuation order
People living near a wildfire burning about 15 kilometres southwest of Peace River are being told to evacuate their homes.
U.S. Senate overwhelmingly passes aid for Ukraine, Israel and Taiwan with big bipartisan vote
The U.S. Senate has passed US$95 billion in war aid to Ukraine, Israel and Taiwan, sending the legislation to President Joe Biden after months of delays and contentious debate over how involved the United States should be in foreign wars.
'My stomach dropped': Winnipeg man speaks out after being criminally harassed following single online date
A Winnipeg man said a single date gone wrong led to years of criminal harassment, false arrests, stress and depression.