The US government has put out an unprecedented $10 million reward for information leading to the identification and/or location of leaders of the Hive ransomware group. Additionally, the Department of State said it will pay up to $5 million for information that results in the arrest and/or conviction of individuals involved in Hive ransomware activity. The rewards are being offered under the US’ Transnational Organized Crime Rewards Program. This announcement comes after an international law enforcement operation dismantled key infrastructure used by the Hive gang in January 2023.
One year after the international operation, the FBI was able to access the group’s computer networks, capture decryption keys, and distribute them to Hive victims globally, saving an estimated $130 million in ransom demands. The Hive group, discovered in June 2021, is believed to have made over $100 million before the law enforcement action. Their victims included important industries such as healthcare, education, and government.
The dismantling of ransomware groups’ infrastructure can have a short-term impact on the ability of threat actors to carry out attacks. However, if the operators and affiliates remain at large, they are likely to reorganize and shift their activities to other groups and strains. For example, some Qakbot affiliates are still deploying ransomware despite the takedown of the Qakbot group’s infrastructure by law enforcement in August 2023.
Dr. Ilia Kolochenko, CEO and Chief Architect at ImmuniWeb, believes that offering an award for information leading to the arrest of Hive leaders may exploit tension within and between cybercrime gangs, especially given the current geopolitical environment. Paying the award could turn out to be a much cheaper way to arrest the perpetrators compared to complex, cross-border investigations. However, it remains to be seen how the US will approach the situation if an informant happens to be under sanctions. Paying could violate the law, while not paying will undermine confidence in any future promises made by the government.
A report by Chainalysis on February 7 found that ransomware actors collected more than $1 billion in extortion money from victims in 2023, a record high. This highlights the urgent need to crack down on ransomware groups and their activities to protect individuals and businesses from the devastating financial and operational impact of such attacks. With the high financial stakes involved, the US government’s decision to offer a significant reward for information leading to the arrest of Hive leaders underlines the severity of the issue and the determination to bring these cybercriminals to justice.