$10M bounty offered by U.S for the capture of Hive ransomware leaders

Feb 13 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether the hackers could get from London to New York with no ticket or passport ????????????

Today’s hottest cybersecurity news stories:

  • ???? $10M bounty offered by U.S. for info Hive ransomware leaders ????

  • ???? Yay! Decryption tool released to dismantle Rhysida ransomware ????

  • ????️ CISA, OpenSSF release framework for package repository security ????️

That’s quite the honey pot ???? But it’s none of our beeswax ????




???????? U.S. Offers Up to $10 Million Bounty for Hive Ransomware Operatives ????????

The U.S. Department of State has announced staggering monetary rewards of up to $10 million for information leading to the identification of individuals holding critical positions within the Hive ransomware operation. Additionally, an extra $5 million bounty awaits those providing actionable specifics that could lead to the arrest or conviction of individuals involved in Hive ransomware activity.

This announcement comes on the heels of a significant law enforcement effort that successfully infiltrated and dismantled the darknet infrastructure linked to the Hive ransomware-as-a-service (RaaS) gang over a year ago. The operation resulted in the arrest of one suspect in Paris in December 2023.

Hive, which surfaced in mid-2021, targeted over 1,500 victims across 80 countries, amassing approximately $100 million in illicit gains. ???? Following the takedown, a new ransomware group dubbed Hunters International emerged, acquiring Hive’s source code and infrastructure to kick-start its own nefarious operations.

Evidence suggests that Hunters International may have ties to Nigeria, possibly linked to an individual named Olowo Kehinde. However, the true origins remain obscured, potentially pointing to a sophisticated cover-up.

The surge in ransomware activity in 2023, as highlighted by blockchain analytics firm Chainalysis, underscores the growing threat posed by cybercriminals. With a resurgence in attacks and a surge in new entrants to the ransomware ecosystem, the landscape has become increasingly perilous.

Amidst these challenges, cybersecurity experts emphasise the importance of vigilance and rapid response strategies to mitigate the impact of zero-day exploits and swiftly combat emerging threats. ????️????????????


Signup for Free


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

I Rhysida but I don’t believe her ????

???? Implementation Vulnerability Exposes Rhysida Ransomware’s Weakness ????

Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) have achieved a significant breakthrough in the fight against ransomware. Their discovery of an “implementation vulnerability” in Rhysida ransomware has enabled the successful reconstruction of encryption keys, leading to the decryption of locked data.

The findings, published recently, mark the first successful decryption of Rhysida ransomware since its emergence in May 2023. A recovery tool developed as a result of this breakthrough is now being distributed by KISA, offering hope to victims of this malicious software.

This breakthrough is part of a growing trend in the cybersecurity community, where researchers have been successful in decrypting ransomware by exploiting implementation vulnerabilities. Rhysida joins the ranks of ransomware strains such as Magniber v2, Ragnar Locker, Avaddon, and Hive, which have been decrypted using similar methods.

Rhysida ransomware, known for its ties to the Vice Society ransomware crew, employs a double extortion tactic to coerce victims into paying by threatening to release their stolen data. Targeting sectors such as education, manufacturing, information technology, and government, Rhysida has been flagged by the U.S. government for opportunistic attacks.

A detailed analysis of Rhysida’s encryption process reveals its use of LibTomCrypt and parallel processing to accelerate encryption. The ransomware also employs intermittent encryption techniques to evade detection by security solutions.

Key to the researchers’ success was the discovery of Rhysida’s use of a cryptographically secure pseudo-random number generator (CSPRNG) based on the ChaCha20 algorithm. By understanding the encryption process and the generation of random numbers correlated to the ransomware’s runtime, the researchers were able to reverse-engineer the encryption key and decrypt the files.

While the scope of these decryption efforts may be limited, they offer hope and valuable insights into combating ransomware threats. With continued research and collaboration, the cybersecurity community can continue to develop tools and strategies to mitigate the impact of ransomware attacks. ????????????️????

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

Do you CISA what we’re packing? ????

???? Strengthening Open-Source Security: New Framework by CISA and OpenSSF ????

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has teamed up with the Open Source Security Foundation (OpenSSF) to introduce the Principles for Package Repository Security. ????️ This framework aims to enhance security in open-source software ecosystems by providing guidelines for package managers.

It outlines four security maturity levels, ranging from basic measures like multi-factor authentication to advanced protocols such as requiring MFA for all maintainers. ???? Authors emphasise achieving at least Level 1 maturity for all package repositories.

This initiative responds to concerns raised by the U.S. Department of Health and Human Services about security risks in healthcare systems due to open-source software vulnerabilities. ????‍⚕️????

By promoting collaboration and sharing best practices, the framework aims to safeguard critical software infrastructure and mitigate emerging cyber threats. ????????️????

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran ‘Wealthy Primate’ might be able to help you climb that tree ???????? with his stick and banana approach ????????

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles