Russian national with alleged Hive ransomware ties arrested in Paris

Jason Macuray
A Russian national suspected of possessing thousands of dollars stolen from the French victims of Hive ransomware was arrested in Paris last week.

While searching his phone, the police seized more than €570,000 (over $615,000) in cryptocurrency assets that he allegedly helped steal. According to police, the suspect served as a “banker” for Hive affiliates, helping them manage stolen funds.

Little was publicized about the suspect except that he is a Russian national, around 40 years old, and lives in Cyprus, according to reporting from French newspaper Le Figaro.

The criminal was identified “thanks to his activity on social networks” and was subsequently arrested and placed in police custody, according to Nicolas Guidoux, a French official responsible for fighting cybercrime at the Ministry of the Interior.

The international police also searched the suspect’s home in a Cypriot seaside resort and obtained “important” evidence for further investigation.

Before its infrastructure was shut down in January, Hive was used to compromise and encrypt the data and computer systems of large tech and oil companies, as well as hospitals in Europe and the U.S. Since 2021, it targeted over 1,500 companies worldwide, which lost more than $100 million in ransom payments.

In France, Hive had nearly 60 victims, including the National School of Civil Aviation and several local government services and town halls.

Hive operated as “ransomware-as-a-service”: attacks were executed by “affiliates,” while the ransomware itself was created, maintained, and updated by its developers. When victims paid, the ransom was split between affiliates, who received 80%, and developers, who received 20%.

During the operation against Hive in January, law enforcement identified the ransomware’s decryption keys and shared them with many victims, helping them regain access to their data without paying the cybercriminals. This effort helped save $130 million in ransom payments.

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
