Sunday, March 3, 2024

U.S. Offers $10 Million Bounty for Information Leading to Arrest of Hive Ransomware Leaders

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation.

It is also offering an additional $5 million for specifics that could lead to the arrest and/or conviction of any person “conspiring to participate in or attempting to participate in Hive ransomware activity.”

The multi-million-dollar rewards come a little over a year after a coordinated law enforcement effort covertly infiltrated and dismantled the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) gang. One individual with suspected ties to the group was arrested in Paris in December 2023.

Hive, which emerged in mid-2021, targeted more than 1,500 victims in over 80 countries, netting about $100 million in illegal revenues. In November 2023, Bitdefender revealed that a new ransomware group called Hunters International had acquired the source code and infrastructure from Hive to kick-start its own efforts.

There is some evidence to suggest that the threat actors associated with Hunters International are likely based in Nigeria, specifically an individual named Olowo Kehinde, per information gathered by Netenrich security researcher Rakesh Krishnan, although it could also be a fake persona adopted by the actors to cover up their true origins.

Blockchain analytics firm Chainalysis, in its 2023 review published last week, estimated that ransomware crews raked in $1.1 billion in extorted cryptocurrency payments from victims last year, compared to $567 million in 2022, all but confirming that ransomware rebounded in 2023 following a relative drop-off in 2022.

“2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022,” it said.

The decline in ransomware activity in 2022 has been deemed a statistical aberration, with the downturn attributed to the Russo-Ukrainian war and the disruption of Hive. What’s more, the total number of victims posted on data leak sites in 2023 was 4,496, up from 3,048 in 2021 and 2,670 in 2022.

Palo Alto Networks Unit 42, in its own analysis of ransomware gangs’ public listings of victims on dark web sites, called out manufacturing as the most impacted industry vertical in 2023, followed by the professional and legal services, high technology, retail, construction, and healthcare sectors.

While the law enforcement action prevented roughly $130 million in ransom payments to Hive, it is said that the takedown also “likely affected the broader activities of Hive affiliates, potentially lessening the number of additional attacks they could carry out.” In total, the effort may have averted at least $210.4 million in payments.

Adding to the escalation in the frequency, scope, and volume of attacks, last year also witnessed a surge in new entrants and offshoots, an indication that the ransomware ecosystem is attracting a steady stream of new players drawn by the prospect of high profits and lower barriers to entry.

Cyber insurance provider Corvus said the number of active ransomware gangs registered a “significant” 34% increase between Q1 and Q4 2023, growing from 35 to 47, either as a result of fracturing and rebranding or of other actors getting hold of leaked encryptors. Twenty-five new ransomware groups emerged in 2023.

“The frequency of rebranding, especially among actors behind the biggest and most notorious strains, is an important reminder that the ransomware ecosystem is smaller than the sheer number of strains would make it appear,” Chainalysis said.

Aside from a notable shift to big game hunting, which refers to the tactic of targeting very large companies to extract hefty ransoms, ransom payments are being increasingly routed through cross-chain bridges, instant exchangers, and gambling services, indicating that e-crime groups are slowly moving away from centralized exchanges and mixers in pursuit of new avenues for money laundering.

In November 2023, the U.S. Treasury Department imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. Some of the other sanctioned mixers include Blender, Tornado Cash, and ChipMixer.

The pivot to big game hunting is also a consequence of companies increasingly refusing to settle, as the share of victims who chose to pay dropped to a new low of 29% in the last quarter of 2023, according to data from Coveware.

“Another factor contributing to higher ransomware numbers in 2023 was a major shift in threat actors’ use of vulnerabilities,” Corvus said, highlighting Cl0p’s exploitation of flaws in Fortra GoAnywhere and Progress MOVEit Transfer.

“If malware, like infostealers, provides a steady drip of new ransomware victims, then a major vulnerability is like turning on a faucet. With some vulnerabilities, relatively easy access to thousands of victims can materialize seemingly overnight.”

Cybersecurity company Recorded Future revealed that ransomware groups’ weaponization of security vulnerabilities falls into two clear categories: vulnerabilities that have only been exploited by one or two groups, and those that have been widely exploited by multiple threat actors.

“Magniber has uniquely focused on Microsoft vulnerabilities, with half of its unique exploits focusing on Windows SmartScreen,” it noted. “Cl0p has uniquely and infamously focused on file transfer software from Accellion, SolarWinds, and MOVEit. ALPHV has uniquely focused on data backup software from Veritas and Veeam. REvil has uniquely focused on server software from Oracle, Atlassian, and Kaseya.”

The continuous adaptation observed among cybercrime crews is also evidenced by the uptick in DarkGate and PikaBot infections following the takedown of the QakBot malware network, which had been the preferred initial access pathway into target networks for ransomware deployment.

“Ransomware groups such as Cl0p have used zero-day exploits against newly discovered critical vulnerabilities, which represent a complex challenge for potential victims,” Unit 42 said.

“While ransomware leak site data can provide valuable insight into the threat landscape, this data may not accurately reflect the full impact of a vulnerability. Organizations must not only be vigilant about known vulnerabilities, but they must also develop strategies to quickly respond to and mitigate the impact of zero-day exploits.”
