U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders


February 11, 2024 at 11:45PM

The U.S. Department of State is offering up to $10 million for info on Hive ransomware key personnel and $5 million for arrests related to Hive ransomware activities. Hive targeted 1,500+ victims in 80 countries, netting $100 million in illegal revenues. Ransomware activity rebounded in 2023, with a notable shift to big game hunting. Multiple efforts to prevent ransomware payments saw mixed results. New players continue to join the ransomware ecosystem attracted by potential profits. Also included are revelations about changes in money laundering techniques and the exploitation of specific software vulnerabilities by ransomware groups.

Key Takeaways:

1. The U.S. Department of State is offering monetary rewards for information about individuals related to the Hive ransomware operation.

2. Hive ransomware targeted over 1,500 victims in more than 80 countries and raked in about $100 million in illegal revenues.

3. Bitdefender revealed that a new ransomware group called Hunters International acquired the source code and infrastructure from Hive.

4. There is evidence to suggest that the threat actors associated with Hunters International are based in Nigeria, specifically an individual named Olowo Kehinde.

5. Ransomware rebounded in 2023, with ransomware crews estimated to have raked in $1.1 billion in cryptocurrency payments from victims.

6. The decline in ransomware activity in 2022 was attributed to the Russo-Ukrainian war and the disruption of Hive.

7. Palo Alto Networks Unit 42 highlighted various industry verticals impacted by ransomware attacks, with manufacturing being the most affected in 2023.

8. The takedown of Hive ransomware prevented approximately $130 million in ransom payments and likely affected the broader activities of Hive affiliates, averting at least $210.4 million in payments.

9. 2023 witnessed a surge in new entrants and offshoots in the ransomware ecosystem, with cyber insurance provider Corvus noting a 34% increase in active ransomware gangs.

10. Companies increasingly refuse to settle, as the number of victims who chose to pay dropped to a new low of 29% in the last quarter of 2023.

11. Ransom payments are being routed through cross-chain bridges, instant exchangers, and gambling services, indicating a shift away from centralized exchanges and mixers for money laundering.

12. The pivot to big game hunting is also a consequence of companies increasingly refusing to settle, according to data from Coveware.

13. Threat actors are adapting and exploiting security vulnerabilities, with a specific focus on certain software and systems such as Microsoft vulnerabilities, file transfer software, and data backup software.

14. There has been an uptick in DarkGate and PikaBot infections following the takedown of the QakBot malware network, representing a complex challenge for potential victims.

These takeaways provide a comprehensive overview of the current landscape of ransomware activities, including the actions of law enforcement, the evolving tactics of ransomware groups, and the impact on victims and targeted industries.
