US offers $10 million reward for information leading to arrest of Hive ransomware leader

The U.S. State Department has announced a reward of up to $10 million for information leading to individuals who held key positions in the Hive ransomware operation.
It is also offering an additional $5 million for information that may lead to the arrest and/or conviction of anyone who “conspired to engage in or attempted to engage in Hive ransomware activity.”
The reward comes more than a year after a coordinated law enforcement operation covertly infiltrated and dismantled darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) gang. A person suspected of being linked to the group was arrested in Paris in December 2023.
Hive emerged in mid-2021 and targeted more than 1,500 victims in more than 80 countries, earning approximately $100 million in illicit revenue. In November 2023, Bitdefender revealed that a new ransomware group called Hunters International had obtained source code and infrastructure from Hive to launch its own operations.
According to information gathered by Netenrich security researchers, there is some evidence that threat actors associated with Hunters International may be based in Nigeria, specifically an individual named Olowo Kehinde Rakesh Krishnan, although this could also be a fake persona adopted by the actors to disguise their true origins.
In an assessment of 2023 released last week, blockchain analytics firm Chainalysis estimated that ransomware criminals extorted $1.1 billion in cryptocurrency payments from victims last year, up from $567 million in 2022, all but confirming that ransomware rebounded in 2023 after a relative decline in 2022.
“2023 marks a massive resurgence of ransomware, with record payments and a significant increase in the scope and sophistication of attacks, a significant reversal from the downward trend seen in 2022,” the report said.

The decline in ransomware activity in 2022 is considered a statistical anomaly, attributed to the Russia-Ukraine war and the Hive takedown. Additionally, the total number of victims posted on data leak sites in 2023 was 4,496, up from 3,048 in 2021 and 2,670 in 2022.
In an analysis of victims publicly listed by ransomware gangs on dark web sites, Palo Alto Networks Unit 42 noted that manufacturing was the most affected industry vertical in 2023, followed by professional and legal services, high technology, retail, construction and healthcare.
While the law enforcement action prevented approximately $130 million in ransom payments to Hive, the operation is also said to have “may have affected the broader activities of Hive affiliates, potentially reducing the number of additional attacks they could launch.” Overall, the report said the effort likely averted at least $210.4 million in payments.
In addition to the escalating regularity, scope and volume of attacks, the past year has also seen a surge in new entrants and offshoots, suggesting that the ransomware ecosystem is attracting a steady stream of new players drawn by the prospect of high profits and lower barriers to entry.
Cyber insurance provider Corvus said the number of active ransomware groups increased “significantly” by 34% from the first quarter of 2023 to the fourth quarter of 2023, from 35 to 47, owing either to fragmentation and rebranding or to other actors getting hold of leaked encryptors. A total of 25 new ransomware groups emerged in 2023.
“The frequency of rebranding, especially among the players behind the largest and most notorious strains, is an important reminder that the ransomware ecosystem is smaller than the vast number of strains it emerges from,” Chainalysis said.
In addition to a notable shift toward big game hunting (a tactic that refers to the targeting of very large companies for huge ransoms), ransom payments are increasingly being routed through cross-chain bridges, instant exchangers, and gambling services, suggesting that cybercriminal gangs are slowly moving away from centralized exchanges and mixers and seeking new ways to launder money.

In November 2023, the U.S. Treasury Department imposed sanctions on Sinbad, a virtual currency mixer used by the North Korea-linked Lazarus Group to launder money. Some other sanctioned mixers include Blender, Tornado Cash, and ChipMixer.
The shift to big game hunting is also the result of companies’ increasing refusal to pay, as the share of victims choosing to pay fell to a new low of 29% in the final quarter of 2023, according to Coveware.
“Another factor contributing to the increase in ransomware volume in 2023 is a significant shift in the use of vulnerabilities by threat actors,” Corvus said, highlighting Cl0p’s exploitation of vulnerabilities in Fortra GoAnywhere and Progress MOVEit Transfer.

“If malware like infostealers is constantly delivering new ransomware victims, then a major breach is like turning on a faucet. With certain vulnerabilities, thousands of victims can be accessed with relative ease, seemingly overnight.”
Cybersecurity company Recorded Future found that the security vulnerabilities weaponized by ransomware groups fall into two broad categories: vulnerabilities exploited by only one or two groups and vulnerabilities widely exploited by multiple threat actors.
“Magniber is particularly focused on Microsoft vulnerabilities, with half of the unique vulnerabilities focused on Windows SmartScreen,” it noted. “Cl0p specializes in file transfer software from Accellion, SolarWinds and MOVEit. ALPHV specializes in data backup software from Veritas and Veeam. REvil specializes in server software from Oracle, Atlassian and Kaseya.”

The rise in DarkGate and PikaBot infections also demonstrates cybercriminals’ continued adaptation following the takedown of the QakBot malware network; such malware remains the preferred initial access route for deploying ransomware into target networks.
“Ransomware groups such as Cl0p use zero-day exploits to target newly discovered critical vulnerabilities, posing a complex challenge to potential victims,” Unit 42 said.
“While ransomware leak site data can provide valuable insights into the threat landscape, these data may not accurately reflect the full impact of a vulnerability. Organizations must not only remain vigilant for known vulnerabilities, but also have strategies for rapid response to and mitigation of the impact of zero-day exploitation.”
from Tech Empire Solutions https://techempiresolutions.com/us-offers-10-million-reward-for-information-leading-to-arrest-of-hive-ransomware-leader/