Hive Ransomware Leader Nabbed in Ukraine: Europol and Ukrainian Police Collaborate to Take Down Cybercriminal

Hive Ransomware

LockerGoga, MegaCortex, HIVE, and Dharma have notoriously emerged as prominent ransomware in recent years. These malevolent programs have orchestrated over 200 targeted assaults against major corporations worldwide, victimizing entities across 71 countries and regions, and the resultant financial devastation is immeasurable.

This week, the European Union Agency for Law Enforcement Cooperation (Europol) announced a significant breakthrough in their ongoing battle against cybercrime. In a collaborative effort with Ukrainian police, they successfully apprehended four hackers in Ukraine’s capital, Kyiv. Among these detainees, a 32-year-old individual was identified as the ringleader. This arrest comes in addition to another hacker apprehended elsewhere.

The infamous Hive ransomware syndicate, with its roots traced back to Ukraine, faced a major setback with the capture of its 32-year-old leader.

This operation marks a continuation of Europol’s 2021 initiative aimed at combating ransomware. The investigation, which began with the procurement of critical data, eventually led to the tracking and pinpointing of the hackers in Ukraine. Europol, in collaboration with law enforcement agencies from Norway, France, Germany, and the United States, dispatched over 20 investigators to Kyiv.

In parallel, Europol established a virtual command center at its headquarters in the Netherlands to oversee the ongoing investigation and analyze the acquired data. This strategic move, coupled with coordination with Kyiv police, culminated in the successful apprehension of the cybercriminals.

Europol stated that these hackers, utilizing ransomware such as LockerGoga, MegaCortex, HIVE, and Dharma, launched their attacks, with each member playing distinct roles ranging from phishing to initiating attacks, negotiating ransomware demands, and laundering money.

Their most common tactics included brute force attacks, SQL injections, and the dissemination of phishing emails laden with malicious attachments. Once they infiltrated the corporate networks, they leveraged tools like TrickBot, Cobalt Strike, and PowerShell Empire to gain further access to internal systems, culminating in encrypting and holding data for ransom.