The US government has offered a reward of up to $10m for information leading to the identification and/or location of leaders of the Hive ransomware group.
The Department of State also said it will pay up to $5m for information that leads to the arrest and/or conviction of any individual who has participated in or attempted to participate in Hive ransomware activity.
The reward is being offered under the US’ Transnational Organized Crime Rewards Program.
The announcement comes more than a year after an international law enforcement operation in January 2023 took down key infrastructure used by the gang.
As part of the operation, the FBI gained access to the group’s computer networks, enabling it to capture decryption keys and distribute them to Hive victims globally. The US government said this saved victims an estimated $130m in ransom demands.
Hive is a ransomware-as-a-service (RaaS) group that was first discovered in June 2021. It is believed to have made its operators and affiliates over $100m before the law enforcement action. Hive’s victims included critical industries like healthcare, education and government.
Why Arresting Ransomware Perpetrators is Necessary
The dismantling of ransomware groups’ infrastructure can have a positive short-term impact on the ability of threat actors to carry out such attacks. However, if the operators and affiliates remain at large, they are likely to reorganize and shift their activities to other groups and strains in time.
For example, Cisco Talos research found that some Qakbot affiliates are still deploying ransomware despite the takedown of the group’s infrastructure by law enforcement in August 2023.
Dr Ilia Kolochenko, CEO and Chief Architect at ImmuniWeb, said the offer of an award for information leading to the identification and potential arrest of Hive leaders may exploit tension within and between cybercrime gangs, particularly in the current geopolitical environment where different gang members may hold different political views.
“All this creates a somewhat unique and hostile environment, where a bounty payment may work and eventually turn out to be a much cheaper way to arrest the perpetrators compared to complex, cross-border investigations,” he commented.
Kolochenko added that it will be interesting to see the approach taken by the US if an informant happens to be under sanctions.
“Paying will violate the law, while not paying will undermine confidence in any future promises made by the government,” he commented.
A report by Chainalysis on February 7 found that ransomware actors collected more than $1bn in extortion money from victims in 2023, a record high.