November 13, 2023 at 05:05PM
The Hive ransomware group, whose infrastructure was seized by the FBI earlier this year, appears to have sold its malware code to a newer group, Hunters International. Bitdefender researchers found substantial code overlap between the two groups' malware, suggesting that Hive's operators handed off their assets to the new threat actor. It remains to be seen whether Hunters International will be as formidable as Hive.
Key takeaways:
1. The FBI successfully disrupted the Hive ransomware operation earlier this year, but the group’s malware code continues to pose a threat.
2. Bitdefender’s analysis found substantial code overlaps between the Hive ransomware and a new group called Hunters International, suggesting that Hive operators transferred their assets to this group.
3. While Hive was a dangerous ransomware group, it remains to be seen if Hunters International will be equally or more formidable.
4. During the operation, the FBI and its partners seized control of Hive's infrastructure, captured decryption keys, and prevented victims from paying roughly $130 million in ransom demands.
5. In recent months, Hive’s operators appear to have transferred their code to Hunters International, who focus on extortion via data exfiltration rather than data encryption.
6. Hunters International is still finding its way in the ransomware space and has claimed relatively few victims so far, but it operates a mature toolkit and appears intent on demonstrating its capabilities.
7. Evidence suggests that Hunters International is an independent group using Hive malware and infrastructure, rather than a rebranded version of Hive.
8. Hive's decision to sell its malware code rather than rebuild illustrates how hard it is for criminal groups to recover from a successful takedown and restore their operations.
9. The price paid for the ransomware code is hard to determine, but a buyer like Hunters International would be willing to pay a premium for ransomware with an established reputation and proven technical capabilities.
10. The value of the code extends beyond its technical capabilities and includes the trust and established reputation of the ransomware in the cybercriminal community.