One of the “bankers” of the Hive ransomware gang arrested in Paris


Another good catch for French justice. A Russian-Israeli man in his forties, suspected of being one of the “bankers” of the Hive ransomware gang, was arrested on December 5 in Paris by police officers from the Anti-Cybercrime Office (Ofac). He was subsequently indicted for several cybercrime offenses and for laundering the proceeds of these crimes as part of an organized gang.

French justice suspects him of having laundered several million euros in ransoms extorted by cybercriminals of the Hive gang, a ransomware operation run as a franchise that appeared in June 2021. Hive, sidelined at the end of January 2023 after the dismantling of its infrastructure during an international operation, is said to have claimed 1,500 victims worldwide, including 59 in France.

Arrested in Paris

The gang had notably targeted the Altice media group, from which it demanded a ransom of $5 million at the end of summer 2022. The sports brand Intersport, the National School of Civil Aviation (Enac), the textile company Damart, the Guadeloupe region, the town hall of Annecy-le-Vieux and the departmental council of Seine-Maritime were also targeted.

The “Russian banker”, who lived on the island of Cyprus, is suspected of having worked with two affiliates of the gang targeting French organizations. At the beginning of December, he went to Paris for leisure. But he was unaware that he was already in the sights of the police officers from the Bordeaux branch of Ofac, who had managed to identify him thanks to cross-checks between his crypto-asset wallets and open source research (Osint).

Working capital

The police, with the support of the European police agency Europol, praised for their responsiveness – a search was carried out in Cyprus while the suspect was in police custody – were able to seize the equivalent of more than 570,000 euros in crypto-assets. The sum is both high and low given the ransoms extorted by ransomware cybercriminals; for the police, it corresponds to “simple” working capital.

Last January, Hive’s fraudulent earnings were estimated at more than one hundred million dollars. The gang was, however, seriously hampered by the action of the FBI, which managed to hack the cybercriminals’ infrastructure, allowing legal authorities to recover more than 1,000 decryption keys. This also made it possible to avoid the payment of more than 130 million dollars in ransoms, the American Department of Justice noted with satisfaction.

The recent emergence of a new mafia franchise, Hunters International, has however tarnished this good result. As Le Mag IT spotted, the newcomer bears a strong resemblance to the Hive gang: computer security researchers have noted similarities in the code of the malicious program. Hunters International then reacted, reports the antivirus publisher BitDefender, by stating that it was only an independent group that had simply got its hands on the source code and infrastructure of Hive.
