The US State Department is now offering up to $10 million to anyone with information about the leaders of the Hive ransomware group.
A separate reward of up to $5 million is also being promised to anyone who provides information about individuals “conspiring to participate or attempting to participate” in a Hive attack that results in an arrest or conviction.
This reward would come from the Department of State’s Transnational Organized Crime Rewards Program (TOCRP). Those in the US who have information about Hive hackers can contact the State Department; those outside the US can contact the nearest US embassy or consulate.
This offer comes two weeks after the US Justice Department announced that the FBI had secretly infiltrated Hive’s network in July 2022 and had been monitoring it for months, saving Hive ransomware victims from an estimated $130 million in losses by giving victims their decryption keys.
US Assistant Attorney General Lisa Monaco previously said government agents got into Hive’s network by hacking the hackers, but did not share further details on how the FBI managed to breach Hive’s systems.
It’s unclear whether the US government has already identified any Hive members or not. Since the malicious group’s inception in 2021, Hive affiliates have swiped over $100 million in ransomware payments from more than 1,500 victims around the world.
Hive sells ransomware to cyberattackers under a “ransomware-as-a-service” model. According to the US Cybersecurity and Infrastructure Security Agency (CISA), Hive affiliates typically use phishing techniques via emails with malicious attachments to steal victims’ data and then encrypt victims’ devices, locking them out. The attackers then present victims with an ultimatum, where their data will be released if they don’t pay the ransom to unlock their devices.
Recommended by Our Editors
In some cases, Hive attackers have circumvented victims’ multi-factor authentication measures, CISA says.
Hive has historically targeted the computer systems of hospitals, school districts, infrastructure providers, and financial firms.
“The Justice Department will spare no resource to identify and bring to justice, anyone, anywhere, who targets the United States with a ransomware attack,” US Attorney General Merrick B. Garland said last month following its infiltration of Hive. “We will continue to work both to prevent these attacks and to provide support to victims who have been targeted.”
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.