US is offering a $10 million bounty for information leading to the arrest of Hive Ransomware leaders


The US State Department has announced monetary rewards of up to $10 million for information on individuals holding key positions within the Hive ransomware operation.

It’s also giving away an additional $5 million for details that could lead to the arrest and/or conviction of any person who “conspires to engage in or attempts to engage in Hive ransomware activity.”

The multi-million dollar rewards come just over a year after a coordinated law enforcement effort covertly infiltrated and dismantled the darknet infrastructure linked to the Hive ransomware-as-a-service (RaaS) gang. One person with suspected ties to the group was arrested in Paris in December 2023.

Hive, which emerged in mid-2021, targeted more than 1,500 victims in more than 80 countries and generated approximately $100 million in illicit revenue. In November 2023, Bitdefender revealed that a new ransomware group called Hunters International had taken over Hive’s source code and infrastructure to boost its own efforts.

Evidence suggests that the threat actors associated with Hunters International are likely based in Nigeria, specifically an individual named Olowo Kehinde, according to information collected by Netenrich security researcher Rakesh Krishnan, although it could also be a fake persona adopted by the actors to cover up their true origins.

Blockchain analytics firm Chainalysis estimated in its 2023 assessment published last week that ransomware teams raked in $1.1 billion in extorted cryptocurrency payments from victims last year, up from $567 million in 2022, all but confirming that ransomware rebounded in 2023 after a relative decline in 2022.

“2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the size and complexity of attacks – a significant reversal from the decline seen in 2022,” the report said.

The drop in ransomware activity in 2022 is considered a statistical anomaly, with the downturn attributed to the Russian-Ukrainian war and the disruption of Hive. Furthermore, the total number of victims posted to data breach sites in 2023 was 4,496, compared to 3,048 in 2021 and 2,670 in 2022.

Palo Alto Networks Unit 42, in its own analysis of public lists of victims of ransomware gangs on dark websites, identified manufacturing as the most affected sector in 2023, followed by professional and legal services, high technology, retail, construction and healthcare.

While the law enforcement action prevented approximately $130 million in ransom payments to Hive, it is said that the takedown also likely “affected the broader operations of Hive affiliates, potentially reducing the number of additional attacks they could conduct.” In total, the effort may have prevented at least $210.4 million in payments.

In addition to the escalation in the frequency, scope and volume of attacks, last year also saw a wave of new entrants and offshoots, a sign that the ransomware ecosystem is attracting a steady stream of new players drawn to the prospect of high profits and lower barriers to entry.

Cyber insurance company Corvus said the number of active ransomware gangs recorded a “significant” increase of 34% between the first and fourth quarters of 2023, from 35 to 47, either due to breaches and rebranding or because other actors got their hands on leaked encryptors. In 2023, 25 new ransomware groups emerged.

“The frequency of rebranding, especially among the actors behind the largest and most notorious strains, is an important reminder that the ransomware ecosystem is smaller than the sheer number of strains makes it seem,” Chainalysis said.

In addition to a notable shift towards big game hunting, which refers to the tactic of targeting very large corporations to demand hefty ransoms, ransom payments are steadily being routed through chain bridges, instant exchangers and gambling services, indicating that e-crime groups are slowly moving away from centralized exchanges and mixers in search of new avenues for money laundering.


In November 2023, the US Treasury Department imposed sanctions on Sinbad, a virtual currency mixer used by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. Some of the other sanctioned mixers include Blender, Tornado Cash and ChipMixer.

The shift to big game hunting is also a result of companies increasingly refusing to settle, as the number of victims who chose to pay fell to a new low of 29% in the last quarter of 2023, according to data from Coveware.

“Another factor contributing to higher ransomware numbers in 2023 was a major shift in the use of vulnerabilities by threat actors,” Corvus said, with an emphasis on Cl0p’s exploitation of flaws in Fortra GoAnywhere and Progress MOVEit Transfer.

“If malware such as infostealers produces a steady stream of new ransomware victims, then a major vulnerability is like turning on a faucet. With some vulnerabilities, relatively easy access to thousands of victims can become a reality seemingly overnight.”

Cybersecurity firm Recorded Future revealed that the weaponization of security vulnerabilities by ransomware groups falls into two clear categories: vulnerabilities that have only been exploited by one or two groups and vulnerabilities that have been widely exploited by multiple threat actors.

“Magniber has uniquely focused on Microsoft vulnerabilities, with half of its unique exploits centering on Windows SmartScreen,” the report noted. “Cl0p has uniquely and infamously focused on file transfer software from Accellion, SolarWinds, and MOVEit. ALPHV has uniquely focused on data backup software from Veritas and Veeam. REvil has uniquely focused on server software from Oracle, Atlassian and Kaseya.”


The continued adaptation observed among cybercrime squads is also evident from the increase in the number of DarkGate and PikaBot infections following the shutdown of the QakBot malware network, which was the preferred entry route to target networks for ransomware deployment.

“Ransomware groups like Cl0p have used zero-day exploits against newly discovered critical vulnerabilities, posing a complex challenge to potential victims,” Unit 42 said.

“While data on ransomware breach locations can provide valuable insight into the threat landscape, this data may not accurately reflect the full impact of a vulnerability. Organizations must not only be vigilant about known vulnerabilities, but they must also develop strategies to quickly respond to and mitigate the impact of zero-day exploits.”
