Cointime

Cointime

Download App
iOS & Android

DOJ Disrupts Ransomware Group Attempting to Extort $130M in Crypto Ransom

The DOJ stated that it conducted the operation with the help of German law enforcement (the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen) and the Netherlands National High Tech Crime Unit.

Over $100M Extorted From 1,500 Victims

The department said that since June 2021, the group has targeted more than 1,500 victims worldwide and received over $100 million in crypto ransom payments.

According to the DOJ, the Federal Bureau of Investigation (FBI) executed a months-long disruption campaign against the group and infiltrated Hive’s network in July 2022. The Justice Department added that after successfully infiltrating the group’s network, it captured their decryption keys and offered them to victims worldwide, preventing them from paying the $130 million in crypto ransom demanded.

“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims,” the DOJ said.

A Subscription-Based Model

Ransomware is malicious software (malware) that threatens to publish or block access to a victim’s personal data (usually by encrypting it) unless a ransom is paid off.

According to the DOJ, Hive used a subscription-based model called ransomware-as-a-service (RaaS) to “develop a ransomware strain and create an easy-to-use interface with which to operate it and then recruit affiliates to deploy the ransomware against victims.”

“Affiliates identified targets and deployed this readymade malicious software to attack victims and then earned a percentage of each successful ransom payment,” the department added.

Meanwhile, the DOJ announcement comes as revenue from ransomware has significantly reduced. According to a recent report by blockchain analytics firm Chainalysis, ransomware attackers extorted approximately $456.8 million from victims in 2022, down from $765.6 million the year prior.

However, that does not mean ransomware attacks have reduced, or at least not as much as the decline in payments suggests. Instead, “much of the decline is due to victim organisations increasingly refusing to pay ransomware attackers,” the report said.

~ By William A. Frederick ~

Comments

All Comments

Recommended for you

  • TrumpAI tokens on Ethereum have been RUG

    PeckShield has monitored that the TrumpAI token on the Ethereum blockchain has fallen by 100%. An address starting with 0x935A sold 5,000,000,000,000,000,000,000 TrumpAI tokens, which is about 26.57 WETH (approximately $80,000). Note: rugpull tokens have the same name as legitimate tokens.

  • South Korea’s Monetary Authority: Confirmed to include token delisting standards in the Virtual Asset User Protection Act

    The Financial Supervisory Service (FSS) of South Korea has confirmed that token delisting standards will be included in the "Best Practice for Compliance with the Virtual Asset User Protection Act" released in early June. An official from the Financial Supervisory Service stated in a conversation with Bloomberg on Tuesday that the upcoming "Best Practices for Compliance with the Virtual Asset User Protection Act" will not only include listing standards for virtual assets, but also provide guidance on whether to maintain trading of listed virtual assets. The guidance will provide a basis for cryptocurrency issuers to delist in the event of problems. The guidance will be released from the end of May to early June. Currently, the Financial Supervisory Service is developing guidelines to support self-regulation by cryptocurrency exchanges under the Virtual Asset User Protection Act before it is implemented in July. The plan proposes standards for virtual asset issuance, circulation, and trading support, prohibits the listing of virtual assets with a history of hacking attacks, and requires the release of Korean white papers and technical manuals when listing overseas virtual assets.

  • HKEX CEO: Virtual asset exchanges have become HKEX’s competitors

    On May 10th, Hong Kong Exchanges and Clearing Limited's new CEO, Nicolas Aguzin, stated in an interview with the Shanghai Securities News that HKEX faces competition not only from other securities exchanges, but also from external competitors such as virtual asset exchanges. In order to meet the rapidly evolving demands of customers and technology, HKEX must balance innovation and stable business operations, continuously expand its resources for listed companies, and improve its market services.

  • WOOFi attacker address has transferred 100 ETH to Tornado cash

    PeckShield monitoring shows that the address marked by the WOOFi attacker has transferred 100 ETH to Tornado cash. The WOOFi attacker has already transferred 2200 ETH (worth about $6.5 million) to Tornado cash.

  • Trump will hold a private dinner on the day of the court recess, inviting NFT trading card buyers to attend

    On May 10th, according to sources, former US President Donald Trump will host a dinner at his Mar-a-Lago estate on a day off, inviting NFT trading card buyers to attend. This event is part of Trump's series of non-campaign activities, aimed at balancing his White House campaign and legal disputes. After Stormy Daniels testified in Trump's trial on Tuesday, Trump expressed his desire for campaigning rather than being tied up in court. Despite no public campaign activities on Wednesday, Trump's schedule includes private political meetings.

  • Tether: Deutsche Bank’s analysis lacks clarity and substantive evidence

    According to a report on stablecoins released on May 7, Deutsche Bank analyzed 334 currencies linked to stablecoins and found that 49% of stablecoins had failed during their median lifespan of about eight to ten years. The analysts concluded that most anchored assets in the cryptocurrency field will experience significant "turbulence" caused by speculative sentiment and ultimately suffer some form of decoupling event. Deutsche Bank analysts also pointed out that Tether's reserve transparency was lacking and described the company's solvency as "doubtful".

  • Yesterday, Solana’s on-chain DEX transaction volume surpassed Ethereum, reaching $1.314 billion

    On May 10th, according to DeFiLlama data, the trading volume of Solana's DEX reached 1.314 billion US dollars yesterday, surpassing the trading volume of 1.297 billion US dollars on Ethereum's DEX.

  • US court orders seizure of 279 virtual currency accounts containing criminal proceeds from North Korean hacking

    A US court has ordered the confiscation of 279 virtual currency accounts containing proceeds from North Korean hacker crimes. US District Court Judge Timothy Kelly in Washington, DC approved the federal prosecutor's request for a summary judgment on these accounts and ordered their confiscation on May 8. This ruling means that these accounts are now under the control of the US Department of Treasury.

  • South Korea’s National Tax Service announced that it would collect 40 billion won in taxes from Bithumb users

    Bithumb has issued a preliminary notice of comprehensive income tax to some users who participated in activities held between 2018 and 2021, and announced full support for the related tax amount. The position of the National Tax Service is that rewards paid to users through various activities (including virtual assets) constitute taxable income. Bithumb does not agree with the National Tax Service's opinion, but explains that taxation is mandatory.

  • The Base ecosystem Bloom project said it has recovered 90% of the funds stolen in the attack

    On May 10th, Bloom, a decentralized derivatives exchange on the X platform, announced that they have recovered $486,000 (minus 10% for bug bounties) out of the total funds utilized ($540,000). All of these funds will be redistributed to limited partners. 10% of the bug bounty has been agreed upon in exchange for not pressing charges against those who exploited the bug. A compensation plan for limited partners affected by the bug will be completed within the next 24-48 hours. Funds are safe and there is currently no need to revoke contract access.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company