French police arrests Russian suspect linked to Hive ransomware



French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments.

"New arrest in the Hive ransomware case: after the international search in January to dismantle this network of hackers constituting a major threat, the Judicial Police arrested in Paris an individual suspected of having laundered money from these cyber attacks," the French National Police said (automated translation).

The suspect was apprehended after the French Anti-Cybercrime Office (OFAC) linked him to digital wallets that received millions of U.S. dollars from suspicious sources based on his activity on social networks.

Police agents also seized €570,000 worth of cryptocurrency assets when they detained the 40-year-old suspect and Cyprus resident on December 5, as first reported by LeMagIT.

"At the same time, the full cooperation with Europol, Eurojust and the Cypriot authorities made it possible to search his home in a Cypriot seaside resort, thus providing important elements of investigation," said Nicolas Guidoux, a Deputy Director in the French Ministry of the Interior.

"On December 9, 2023, he was referred to the specialized prosecutor's office of the Paris judicial court."

This comes after Hive ransomware's Tor websites were seized in January in an international law enforcement operation after the FBI infiltrated the gang's servers in late July 2022.

Hive ransomware site seizure notice (BleepingComputer)

This provided detailed information about Hive's attacks before they occurred and helped warn their targets. The FBI also obtained and provided victims with over 1,300 decryption keys, preventing about $130 million in ransom payments from falling into the cybercriminals' hands.

Besides decryption keys, the FBI and Dutch police also discovered Hive communication records, malware file hashes, and details on 250 Hive affiliates stored on Hive servers at a hosting provider in California and backup servers in the Netherlands.

The U.S. State Department is now offering up to $10 million for any information that could help link the Hive ransomware group (or other threat actors) with foreign governments.

In November, the FBI revealed that this ransomware operation had extorted about $100 million from over 1,500 companies since June 2021.

Hive victims map (FBI)

Hive operated as a ransomware-as-a-service (RaaS) provider for over 2 years since June 2019. It used phishing attacks, exploited vulnerabilities in internet-facing devices, and compromised stolen credentials to breach organizations.

Since law enforcement took down the gang's infrastructure, a new ransomware-as-a-service (RaaS) operation named Hunters International has surfaced using code used by the Hive ransomware operation.

While analyzing a Hunters International ransomware sample, security researcher Will Thomas found code overlaps and similarities that matched over 60% of Hive ransomware's code.

This led to the reasonable assumption that the old ransomware gang has resumed activity under a different brand.

Yet, the Hunters International collective refutes the researchers' claims, dismissing them as "allegations," saying they're a new ransomware service that purchased the encryptor source code from Hive's developers.

Moreover, the group claims that their primary focus isn't encryption; instead, their operation's primary goal is to steal data and use it to force victims into paying ransoms.