The FBI announced in November that since June 2021, this ransomware operation had stolen almost $100 million from more than 1,500 businesses. For information that could assist in tying the Hive ransomware organization (or other threat actors) with the international organization, the U.S. Department of State is now offering up to $10 million. A specialized profession that can make anyone a cyber-shakedown artist. Hive was a “ransomware as a service” (RaaS) company, leasing its software and tactics to extort targets.
In the ransomware ecosystem, actors specialize in optimizing efficiency. “For information regarding the identity or whereabouts of any person engaging in malicious cyber activity against U.S. critical infrastructure while operating at the behest of a foreign government in violation of the Computer Fraud and Abuse Act.”
The State Department additionally provided rewards of up to $15 million over the last two years for information leading to the capture of members of the Conti, REvil (Sodinokibi), and Darkside ransomware operations. The Transnational Organized Crime Awards Program (TOCRP), through which the State Department has disbursed over $135 million in rewards since 1986, offers these rewards.
Decryption Keys Provided To Hive Victims
This offer follows the seizure of the Tor websites used by the Hive ransomware today as part of a global law enforcement operation. The FBI discreetly observed the operation for six months after infiltrating Hive computers at a hosting company in California last July, according to information released by the Justice Department (Dutch police gained access to backup servers hosted in the Netherlands).
As a result, the FBI was able to provide over 1,300 decryption keys to Hive victims and alert targets about impending assaults as soon as it knew about them, sparing the victims at least $130 million in ransom payments. According to the statement, the victims included hospitals, educational systems, financial institutions, and vital infrastructure.
The FBI also found information on 250 Hive affiliates, malware file hashes, decryption keys, and Hive communication logs. The ransomware gang now has an animated seizure banner notifying other ransomware gangs of this coordinated effort and listing the law enforcement agencies and nations involved in this global takedown operation on its Tor payment and data leak sites.
“This secret location has been taken. This website was taken down by the Federal Bureau of Investigation as part of a concerted law enforcement operation against Hive Ransomware “It says on the seizure notice.
“This action has been taken in collaboration with the Department of Justice’s Computer Crime and Intellectual Property Section and the United States Attorney’s Office for the Middle District of Florida with significant support from Europol.”
Previous Crackdown On Hive
The ransomware-as-a-service provider Hive previously targeted a variety of sectors and vital infrastructure, with a concentration on healthcare and public health organizations. In August 2021, the gang named Memorial Health System in Illinois its first medical field victim. Empress EMS in New York and Costa Rica’s public health service were the next two. In October, Hive also targeted Tata Power, a leading provider of electricity in India.
Garland continued by stating that the FBI has also started dismantling Hive’s front- and back-end infrastructure domestically and internationally, including the seizure of two of Hive’s back-end servers in Los Angeles. No arrests or indictments were made during the news briefing, and the FBI did not disclose how it discovered the Hive servers.
The FBI announced in November that since June 2021, this ransomware operation had stolen almost $100 million from more than 1,500 businesses. For information that could assist in tying the Hive ransomware organization (or other threat actors) with the international organization, the U.S. Department of State is now offering up to $10 million. “Send us any information or tip via our Tor tip line if you know anything that connects Hive or any other hostile cyber actors attacking U.S. critical infrastructure to a foreign government. You might be qualified to get a reward, “According to the Rewards for Justice Twitter account of the State Department.