The Hive hacker group, linked to dozens of international attacks, including that of the Costa Rican Social Security Fund (CCSS), received a new sanction. Last January, the cell was dismantled by the US authorities and, last Tuesday, the US Treasury Department issued a series of sanctions against Mikhail Matveev, developer of the hacking systems.
Matveev was defined as a “key player in the Russian ransomware system”, by imputing a link to Russia through the Hive, LockBit, and Babuk computer schemes. Initially, his actions against US entities such as the police system or an airline are claimed. However, it is also noted that the network has taken blows globally.
“They have been responsible for millions of dollars in losses for victims in the United States and around the world. The Hive ransomware group alone has targeted more than 1,500 victims in more than 80 countries, including hospitals, school districts, financial firms, and other critical infrastructure”. According to the analysis, about 75% of the cyberattacks detected in recent years were related to Russia.
The measures against Matveet
The list of sanctions against Matveet is extensive and includes actions in various fields. As for the economic, all the properties and assets of man are blocked. By the way, monitoring is activated for people who make transactions with him. Additionally, lawsuits were filed against him in Washington and New Jersey.
To move forward with his capture, the State Department has set up a US$10 million reward for information leading to Matveev’s arrest or conviction. “The United States will not tolerate ransomware attacks against our people and our institutions”, said Assistant Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Ransomware actors like Matveev will be held accountable for their crimes and we will continue to use all available authorities and tools to defend against cyber threats”, he added.
When Hive hit the CCSS database
Exactly 1 year ago, on May 31st, 2022, the cyberattack on the Costa Rican Social Security Fund (CCSS) was reported. In the early morning of that day, the intervention in the servers was reported, which affected a series of services and information of the institution. The movement was first reported at the San Vicente de Paul Hospital, in Heredia, and spread throughout the national health system.
From that same day, the then president of the CCSS, Álvaro Ramos, pointed out that it would be an attack from the Hive line. At that time, the CCSS authorities decided to disconnect the systems to avoid further damage. Out of the more than 1,500 servers that the institution has, they had detected some failure in 30 of them. In addition, they considered that by turning off the systems they managed to prevent hackers from encapsulating the systems and databases.
The Comptroller General of the Republic reported in a report that social security was the victim of an attack in different stages. First, it consisted of the theft of social media credentials; then, with attacks on databases, ex-filtration of information and the attack forced the Fund to download critical systems such as the Single Health File (EDUS), which paralyzed, in many cases, the scheduling of appointments and monitoring of patients electronically, at least until September of last year.
