- Joined
- Dec 3, 2020
- Messages
- 1,780
The Paris arrest put an end to the history of one of the largest extortion operations.
This week, French police detained a 40-year-old man in Paris suspected of laundering money from the Hive ransomware group. During a search of the detainee's house, located in Cyprus, the police seized cryptocurrency worth more than 570,000 euros. This international operation was carried out with the assistance of Europol and Eurojust.
By November 2022, Hive had attacked more than 1,300 companies worldwide, earning more than $100 million, according to U.S. intelligence agencies and cybersecurity researchers.
Hive ransomware has operated since June 2021 under a RaaS model, providing all the necessary ransomware tools to anyone. In attacks using this software, hackers typically used a double extortion model: first they stole data and encrypted it on the victim’s computer, and then threatened to post it on their leak site unless a ransom was paid. This dramatically undermined the position of the hacked companies.
In April 2021, the FBI issued an emergency alert on the Hive attacks, including technical details and indicators of compromise related to the group's activities. According to blockchain analytics company Chainalysis, Hive has become one of the top 10 most profitable ransomware programs of 2021.
Operation Hive was dismantled in January 2023 by the FBI in coordination with German and Dutch police forces and Europol. A Tor leak site used by Hive operators has been seized as part of an international law enforcement operation in 10 countries.
Shortly after the seizure of the Hive infrastructure, a new ransomware group called “Hunters International” emerged in cyberspace, which is suspected, due to the use of similar code and tools, to be a renamed Hive group with all the remaining members.
Although law enforcement agencies have made efforts to combat such groups by apprehending individual participants and dismantling their infrastructure, the business model of cyber extortion itself has proven to be extremely resilient. New groups are emerging very quickly to replace the old ones.
In this regard, companies and organizations need to pay increased attention to protecting their data and systems from hacks and attacks. And states should join forces at the international level to more effectively combat this unprecedented threat.
This week, French police detained a 40-year-old man in Paris suspected of laundering money from the Hive ransomware group. During a search of the detainee's house, located in Cyprus, the police seized cryptocurrency worth more than 570,000 euros. This international operation was carried out with the assistance of Europol and Eurojust.
By November 2022, Hive had attacked more than 1,300 companies worldwide, earning more than $100 million, according to U.S. intelligence agencies and cybersecurity researchers.
Hive ransomware has operated since June 2021 under a RaaS model, providing all the necessary ransomware tools to anyone. In attacks using this software, hackers typically used a double extortion model: first they stole data and encrypted it on the victim’s computer, and then threatened to post it on their leak site unless a ransom was paid. This dramatically undermined the position of the hacked companies.
In April 2021, the FBI issued an emergency alert on the Hive attacks, including technical details and indicators of compromise related to the group's activities. According to blockchain analytics company Chainalysis, Hive has become one of the top 10 most profitable ransomware programs of 2021.
Operation Hive was dismantled in January 2023 by the FBI in coordination with German and Dutch police forces and Europol. A Tor leak site used by Hive operators has been seized as part of an international law enforcement operation in 10 countries.
Shortly after the seizure of the Hive infrastructure, a new ransomware group called “Hunters International” emerged in cyberspace, which is suspected, due to the use of similar code and tools, to be a renamed Hive group with all the remaining members.
Although law enforcement agencies have made efforts to combat such groups by apprehending individual participants and dismantling their infrastructure, the business model of cyber extortion itself has proven to be extremely resilient. New groups are emerging very quickly to replace the old ones.
In this regard, companies and organizations need to pay increased attention to protecting their data and systems from hacks and attacks. And states should join forces at the international level to more effectively combat this unprecedented threat.