Security News

A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report...

Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S....

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving...

The US government has placed an extra $5 million bounty on Hive ransomware gang members - its second such reward in a year. The FBI has also put up an additional $5 million award for information leading to the arrest and/or conviction of any person "Conspiring to participate in or attempting to participate in Hive ransomware activity."

The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. "Today, the Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Hive ransomware variant transnational organized crime group," the State Department said.

French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments. "New arrest in the Hive ransomware affair: after the international search in January to dismantle this network of hackers constituting a serious threat, the Judicial Police arrested in Paris an individual suspected of having laundered money from these cyber attacks," the French National Police said.

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. While it's common for ransomware actors to regroup, rebrand, or disband their activities following such seizures, what can also happen is that the core developers can pass on the source code and other infrastructure in their possession to another threat actor.

Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise. While these are not confirmed to be ransomware attacks, they share many signs usually associated with such attacks.

A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag. Security researchers analyzing a sample of the Hunters International malware discovered a striking resemblance to the code used in Hive ransomware attacks.

Uncle Sam has put up a $10 million reward for intel on Hive ransomware criminals' identities and whereabouts, while Russia has blocked the FBI and CIA websites, along with the Rewards for Justice site offering the bounty. The $10 million bonty is part of the US State Department's Rewards for Justice program, and in a Thursday tweet the agency sought tips for Hive members "Acting under the direction or control of a foreign government." The notice also referenced the FBI's Hive website takedown, which the feds announced earlier that day.