The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang.
The FBI says this ransomware group had extorted roughly $100 million from over 1,300 companies across more than 80 countries between June 2021 and November 2022.
“Today, the Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Hive ransomware variant transnational organized crime group,” the State Department said.
“In addition, we are also announcing a reward of up to $5,000,000 for information leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate in Hive ransomware activity.”
In January 2023, the U.S. government also announced rewards of up to $10 million for tips that could help link Hive ransomware (or other threat groups) with foreign governments.
The State Department has previously announced bounties of up to $15 million for location information on members of the Clop, Conti [1, 2], REvil (Sodinokibi), and Darkside ransomware operations.
These rewards are offered through the Transnational Organized Crime Rewards Program (TOCRP), with over $135 million paid for helpful tips since 1986.
Hive ransomware hacked by the FBI
The offer comes after an international law enforcement operation led to the seizure of Hive ransomware’s Tor websites in January 2023.
As part of this joint action, FBI agents infiltrated Hive servers at a hosting provider in California in July 2022 and secretly monitored the gang’s activity for six months (Dutch law enforcement also gained access to Hive’s backup servers in the Netherlands).
“Since late July 2022, the FBI has penetrated Hive’s computer networks, captured its decryption keys, and offered them to victims worldwide, preventing victims from having to pay $130 million in ransom demanded,” the Justice Department said.
“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims.”
Besides decryption keys, the FBI also discovered Hive communication records, malware file hashes, and information on 250 affiliates.
The Hive ransomware-as-a-service (RaaS) operation surfaced in June 2021, and its operators are known for breaching organizations via phishing campaigns, exploiting vulnerabilities in internet-exposed devices, and using purchased credentials.
Unlike other ransomware groups that avoid targeting emergency services and healthcare entities, Hive does not discriminate and will breach and encrypt any target.