A multi-year, cross-border investigation involving 12 countries leads to infrastructure takedown and domain seizure of cybercriminals.

January 26, 2023 – An international law enforcement operation involving 12 countries has resulted in the takedown and seizure of the infrastructure of the HIVE ransomware group. The group had been targeting governments, businesses and individuals in the United States, Europe and Canada for years, and at least 71 Canadian businesses and organizations had been affected, causing lost productivity and financial impact.

On November 7, 2021, a business in the Region of Peel fell victim to a ransomware attack by the HIVE group, whereby their entire computer network was rendered inoperable and a significant amount of data was compromised.

The suspects identified themselves as the HIVE Ransomware Group and demanded payment in Bitcoin to decrypt the compromised data. The victim did not pay the ransom, instead restoring their data via backups and contacting the police.

This led to the initiation of Project Nectar by investigators from Peel Regional Police Technical Crime Services and the National Cybercrime Coordination Centre (NC3), aimed at disrupting and dismantling the HIVE ransomware group infrastructure. The investigation was conducted alongside the Federal Bureau of Investigation (FBI), Europol, and the Joint Cybercrime Action Taskforce (J-CAT).

This complex operation was a technical achievement that involved law enforcement authorities from 12 countries, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3). It is a prime example of the need for domestic and international law enforcement coordination in dealing with cybercrime, which often knows no borders.

Peel Regional Police Deputy Chief Nick Milinovich

Peel Regional Police Deputy Chief, Nick Milinovich, praised the work of the investigators and federal law enforcement agencies and emphasized the importance of reporting incidents to the police in enabling law enforcement action and identifying linkages. The RCMP’s Director General of the National Cybercrime Coordination Centre and Canadian Anti-Fraud Centre, Chris Lynam, also emphasized the importance of reporting instances, whether a victim or not, in tackling cybercrime.