CISC - Criminal Intelligence Service Canada

01/26/2023 | Press release | Distributed by Public on 01/26/2023 12:58

Une action internationale concertée débouche sur le démantèlement de l'infrastructure d'un groupe de rançongiciel (en anglais seulement) 26 janvier 2023 — Ottawa (Ontario)[...]

Region of Peel - After a multi-year cross-border investigation into numerous cyber-attacks against governments, businesses, and individuals in the United States, Europe, and Canada, an international law enforcement operation involving 12 countries has resulted in an infrastructure takedown and domain seizure of the HIVE ransomware group.

Since the fall of 2021, at least 71 Canadian businesses and organizations have been victimized by the HIVE ransomware criminal group, resulting in lost productivity and financial impact. This infrastructure takedown will prevent further victimization of the Canadian public and businesses by this criminal operation.

On Sunday, November 7, 2021, a business in the Region of Peel fell victim to a ransomware attack whereby their entire computer network was rendered inoperable and a significant amount of data was compromised. The suspects identified themselves as the HIVE Ransomware Group and demanded payment in Bitcoin (BTC) to decrypt the compromised data. The victim did not to pay the ransom, restoring their data via backups, a critical line of defense against ransomware attacks, and contacted police.

Investigators from Peel Regional Police Technical Crime Services commenced Project Nectar in May 2022 in collaboration with the National Cybercrime Coordination Centre (NC3) into the disruption and dismantling of the HIVE ransomware group infrastructure. As the lead Canadian law enforcement agency, Peel Regional Police conducted a separate, parallel investigation alongside the Federal Bureau of Investigation (FBI), Europol, and the Joint Cybercrime Action Taskforce (J-CAT).

This technical achievement follows a complex investigation involving law enforcement authorities from Canada, France, Germany, Netherlands, Lithuania, Portugal, Romania, Spain, Sweden, Norway, the United Kingdom, and the United States, with the coordination of international activity carried out by Europol's European Cybercrime Centre (EC3).

Cybercrime attacks committed by these threat actors access secure computer systems for financial gain, political reasons, thrill-seeking, or notoriety. A breached computer system would also allow the criminals to infect the computer with a virus, which could disrupt or destroy the victim's technical infrastructure. The secure information can also be stolen from the breached computer system and sold on a black market for a significant amount.

I thank our dedicated Peel Regional Police investigators and federal law enforcement agencies within Canada, North America, and overseas for the success of this project and for our on-going strategic partnerships. These complex cybercrime investigative collaborations are making significant progress in disrupting and dismantling sophisticated, global cybercriminal enterprises. In working together with our national and international policing partners, we leverage the very best intelligence data to hold accountable those threat actors that victimize our communities.Peel Regional Police Deputy Chief, Nick Milinovich

Ransomware underscores the borderless nature of cybercrime and the need for domestic and international law enforcement coordination. This operational success can be attributed to police services in multiple countries coming together with a common purpose and the initiating action of victims reporting incidents to police. Reporting instances, whether a victim or not, is essential to enabling law enforcement action and identifying linkages. RCMP's Director General of the National Cybercrime Coordination Centre and Canadian Anti-Fraud Centre, Chris Lynam

If you suspect that you may have been the victim of a cybercrime attack, you are encouraged to report it to police. Anyone with information on this incident, is asked to contact investigators at 905-453-2121 extension 3394 Anonymous information may also be submitted by calling Peel Crime Stoppers at 1-800-222-TIPS (8477), by visiting peelcrimestoppers.ca.

Subscribe to us on YouTube and follow us on Twitter, Facebook, TikTok, and Instagram.

For media inquiries, don't hesitate to get in touch with the on-duty Public and Media Relations Officer at 905- 453-2121, extension 4027.

N/R: 23-020

Peel Regional Police - A Safer Community Together

-30-