The U.S. Department of State today offered up to $10 million for information that could help link the Hive ransomware group (or other threat actors) with foreign governments.
In November, the FBI revealed that this ransomware operation had extorted around $100 million from over 1,500 companies since June 2021.
“If you have information that links Hive or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government, send us your tip via our Tor tip line. You could be eligible for a reward,” the State Department’s Rewards for Justice Twitter account said.
“For information on the identification or location of any person who, while acting at the direction of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.”
“Send us your information on Signal, Telegram, WhatsApp, or via our Tor-based tip line.”
During the last two years, the State Department also offered rewards of up to $15 million for tips that could help locate members of the Conti [1, 2], REvil (Sodinokibi), and Darkside ransomware operations.
The State Department offers these rewards as part of its Transnational Organized Crime Rewards Program (TOCRP), through which over $135 million in rewards have been paid since 1986.
Disrupted after FBI infiltrated Hive’s servers
This offer comes after Hive ransomware’s Tor websites were seized today as part of an international law enforcement operation.
The Justice Department revealed that the FBI infiltrated Hive servers at a hosting provider in California last July and secretly monitored the operation for six months (Dutch police gained access to backup servers hosted in the Netherlands).
As a result, the FBI could warn targets as it learned about attacks before they occurred and distribute over 1,300 decryption keys to Hive victims, thus saving them at least $130 million in ransom payments.
Besides decryption keys, the FBI also discovered Hive communication records, malware file hashes, and information on 250 Hive affiliates.
The gang’s Tor payment and data leak sites now display an animated seizure banner warning other ransomware gangs of this coordinated action and listing the law enforcement organizations and countries involved in this international takedown operation.
“This hidden site has been seized. The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware,” the seizure notice reads.
“This action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol.”