How a Toronto-area police force helped take down a Russian-linked ransomware group

A Toronto-area police force is opening up about how it became involved in the international efforts to legally hack one of the most aggressive ransomware groups in the world.

A Toronto-area police force is opening up about how it became involved in the international efforts to legally hack one of the most aggressive ransomware groups in the world.

The contributions by Peel Regional Police are one reason a Canadian flag is among the icons displayed on what used to be the dark website for the Russian-linked ransomware group Hive, along with the logos of the U.S. Department of Justice, the FBI, and a variety of police forces around the world.

Peel’s officers got involved early when a business in the area came to them in 2021, saying their systems were down and a text message on their desktops showed a ransom note, said Detective Const. Karim Hussain in an interview with CTV News Toronto.

“We had one of the first cases in Canada of Hive ransomware,” said Hussain. “It was the first to market. At the time we started gathering evidence, Hive was a fairly new ransomware group. Everything we brought to the table was interesting because no one had seen it before.”

Details of the case matched with other high-profile incidents, including a hospital in Louisiana where hackers accessed data on 270,000 patients, and a hospital in Ohio that was attacked and couldn’t accept new patients even as COVID-19 cases were surging.

Those were among more than 1,500 attacks worldwide that had the digital fingerprints of Hive, a group whose affiliates have netted some $150 million since 2021, police say, as they extort businesses for money in exchange for getting access to their data or their system back.

The attacks are done through a “ransomware as a service” model, meaning a small group of people design malicious software, and then share the tool with many others, rapidly scaling up their attacks before the security holes they exploit can be plugged.