Hunters International and Bitdefender Report Resurgence of Hive Ransomware

Following the January 2023 takedown of Hive, a prominent global ransomware entity responsible for targeting 1,300 companies and accumulating $100 million in ransom payments, a recent revelation by security experts from Hunters International and Bitdefender has brought forth alarming developments. The notorious group, previously dismantled in a joint operation by the FBI and European law enforcement agencies, appears to have re-emerged under a new guise.

A recent Bitdefender blog post reported that the once-dismantled Hive has resurfaced under the moniker ‘Hunters International’. According to its findings, Hive’s leadership strategically concluded operations and transferred assets to form the new entity, a development first brought to attention by security researcher @rivitna2 on October 20, 2023.

In a surprising twist, security researcher Will Thomas (@BushidoToken) revealed code similarities between the groups, citing a significant 60% match in their code structures. However, the alleged successor, Hunters International, disputed these findings, asserting its independence as a distinct entity formed after acquiring Hive’s assets.

The new group focuses on data exfiltration rather than encryption and operates a Ransomware-as-a-Service model with ransomware written in Rust. Bitdefender’s security platform identified their ransomware family as Trojan.Ransom.Hunters.

While the group rejects claims of being a rebirth of Hive, they have garnered attention for their simplified approach, targeting victims primarily in the United States, the UK, Germany, and Namibia, including hospitals. Their modus operandi involves a chat portal for ransom negotiations, requiring credentials provided in the ransom note.

Whether the emergence of Hunters International represents the return of Hive or a new entity, the evolving landscape of ransomware underscores the urgency for international collaboration and robust cybersecurity measures to counter these threats effectively.

©2023 by CyberSec Talk with Asfi!.
