The FBI took down a high-profile cybercrime group without arresting anyone — but an agent says that was 'just round one'
- The FBI took down Hive, a high-profile cybercrime group, earlier this year without making any arrests.
- It's really unusual for the feds to announce a complex operation without arresting anyone.
The FBI dismantled one of the most prolific ransomware groups without arresting anyone this year. But one agent who worked on the investigation told Politico that the takedown was "just round one."
The bureau's month-long sting operation against the cybercrime group Hive made headlines when the Justice Department announced in January that it had "penetrated Hive's computer networks, captured its decryption keys, and offered them to victims worldwide, preventing victims from having to pay $130 million in ransom demanded."
The feds also said they coordinated with German and Dutch law enforcement to take down the servers and websites Hive used to communicate with its members, "disrupting Hive's ability to attack and extort victims."
Hive is believed to be based in Russia, which has long been a safe haven for cybercriminal organizations. As Insider's Katie Canales previously reported, the Kremlin gives hackers tacit approval to operate within its borders, as long as they don't go after Russia or its allies.
Cybersecurity experts said it was unusual for the FBI to carry out such a multi-pronged operation without arresting a single person.
But Justin Crenshaw, a supervisory agent in the bureau's Tampa office, told Politico that this is just the beginning.
He and Bryan Smith, a 20-year FBI veteran and the bureau's cybercriminals section chief, told the outlet that shortly before the DOJ announced its Hive takedown, the FBI discovered that the group was renting two of its main servers in Los Angeles.
The FBI seized the servers two weeks later. That discovery, Crenshaw and Smith said, has opened the door for law enforcement officials to root out other ransomware groups that have worked with Hive and could lead to more arrests down the road.
Investigators also likely gained a wealth of knowledge while staking out Hive's networks beginning in July 2022, including critical information about who's in charge of the group's operations.
"For us, that's just round one," Crenshaw told Politico.