US Takes Desperate Measures to Curb Ransomware; Places $10 Million on Hive

The U.S. State Department is offering rewards of up to $10 million for any information aiding in the location, identification, or apprehension of individuals associated with the Hive ransomware gang.

According to the FBI, this ransomware syndicate has extracted approximately $100 million from more than 1,300 companies spanning over 80 countries between June 2021 and November 2022.

“The Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or whereabouts of any individual(s) holding key leadership roles within the transnational organized crime group associated with the Hive ransomware variant,” stated the State Department.

“Additionally, we are offering a reward of up to $5,000,000 for information leading to the arrest and/or conviction of any individual in any country involved in conspiring to engage in or attempting to engage in Hive ransomware activities.”

US Involves Allies in Hunting Hive

In January 2023, the U.S. government also introduced rewards of up to $10 million for tips linking Hive ransomware (or other threat groups) to foreign governments.

Previously, the State Department announced bounties of up to $15 million for information on the whereabouts of members associated with the Clop, Conti, REvil (Sodinokibi), and Darkside ransomware operations. These rewards are administered through the Transnational Organized Crime Rewards Program (TOCRP), which has disbursed over $135 million for valuable tips since 1986.

The FBI’s Operation Against Ransomware

The reward offer follows an international law enforcement operation leading to the seizure of Hive ransomware’s Tor websites in January 2023.

As part of this collaborative effort, FBI agents infiltrated Hive servers hosted by a provider in California in July 2022 and clandestinely monitored the gang’s activities for six months (Dutch law enforcement also gained access to Hive’s backup servers in the Netherlands).

“The FBI has penetrated Hive’s computer networks since late July 2022, obtaining its decryption keys and offering them to victims worldwide, thwarting demands of $130 million in ransom,” stated the Justice Department.

“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to victims under attack. Additionally, the FBI distributed over 1,000 extra decryption keys to previous Hive victims.”

In addition to decryption keys, the FBI uncovered communication records, malware file hashes, and details on 250 affiliates associated with Hive ransomware.

The Hive ransomware-as-a-service (RaaS) operation emerged in June 2021, and its operators are notorious for infiltrating organizations through phishing campaigns, exploiting vulnerabilities in internet-facing devices, and utilizing purchased credentials.

Unlike other ransomware groups that avoid targeting emergency services and healthcare entities, Hive ransomware does not discriminate and will encrypt any target it infiltrates.