French police arrests Russian suspect linked to Hive ransomware

December 13, 2023 at 03:27PM

French authorities arrested a Russian national in Paris for alleged involvement in money laundering related to the Hive ransomware gang. He was linked to receiving millions of dollars from suspicious sources through digital wallets. This follows the dismantling of Hive’s servers by the FBI and Dutch police, preventing significant ransom payments and leading to the emergence of a new ransomware operation, Hunters International.

Key Takeaways:

1. French authorities have arrested a Russian national in Paris on suspicion of helping the Hive ransomware gang with laundering ransom payments.

2. The arrest was made after the suspect was linked to digital wallets that received millions of U.S. dollars from suspicious sources, and cryptocurrency assets worth €570,000 were seized by the police.

3. The international cooperation with Europol, Eurojust, and Cypriot authorities aided in the investigation and the search of the suspect’s home in a Cypriot seaside resort.

4. The suspect has been referred to the specialized prosecutor’s office of the Paris judicial court.

5. In a separate operation, the FBI infiltrated Hive ransomware’s servers, leading to the seizure of their Tor websites and the provision of decryption keys to prevent roughly $130 million in ransom payments.

6. The U.S. State Department is offering up to $10 million for any information that could link the Hive ransomware group (or other threat actors) with foreign governments.

7. The FBI revealed that the Hive ransomware operation had extorted around $100 million from over 1,500 companies since June 2021.

8. Another ransomware-as-a-service (RaaS) operation named Hunters International has emerged, showing code overlaps with the Hive ransomware, leading to the assumption that the old gang has resumed activity under a different brand.

9. Hunters International refutes the claims, stating they are a new ransomware service that purchased the encryptor source code from Hive’s developers, and their primary focus is to steal data and use it to pressure victims into paying ransoms.
