Cointime


DOJ Disrupts Ransomware Group Attempting to Extort $130M in Crypto Ransom

The DOJ stated that it conducted the operation with the help of German law enforcement (the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen) and the Netherlands National High Tech Crime Unit.

Over $100M Extorted From 1,500 Victims

The department said that since June 2021, the group has targeted more than 1,500 victims worldwide and received over $100 million in crypto ransom payments.

According to the DOJ, the Federal Bureau of Investigation (FBI) executed a months-long disruption campaign against the group and infiltrated Hive’s network in July 2022. The Justice Department added that after successfully infiltrating the group’s network, it captured the group’s decryption keys and offered them to victims worldwide, sparing those victims from paying the $130 million in crypto ransom demanded.

“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims,” the DOJ said.

A Subscription-Based Model

Ransomware is malicious software (malware) that threatens to publish a victim’s personal data or block access to it (usually by encrypting it) unless a ransom is paid.

According to the DOJ, Hive used a subscription-based model called ransomware-as-a-service (RaaS) to “develop a ransomware strain and create an easy-to-use interface with which to operate it and then recruit affiliates to deploy the ransomware against victims.”

“Affiliates identified targets and deployed this readymade malicious software to attack victims and then earned a percentage of each successful ransom payment,” the department added.

Meanwhile, the DOJ announcement comes as revenue from ransomware has fallen significantly. According to a recent report by blockchain analytics firm Chainalysis, ransomware attackers extorted approximately $456.8 million from victims in 2022, down from $765.6 million the year prior.

However, that does not mean ransomware attacks have declined, or at least not by as much as the drop in payments suggests. Instead, “much of the decline is due to victim organisations increasingly refusing to pay ransomware attackers,” the report said.

~ By William A. Frederick ~
