Social Media Snare: Hive Ransomware Suspect Tracked Down After Marathon
A year ago, French police arrested a man suspected of ties to the Hive ransomware group. The operation took place in December 2023, when the suspect was in Paris, having decided to stop in the French capital after participating in a marathon.
Nha-Khanh Nguyen, deputy head of the Paris Police Incident Response Center, shared on social media that the suspect had been actively posting his athletic achievements online, often accompanied by photographs. This passion for showcasing his pursuits inadvertently aided investigators in tracking him down.
According to Nguyen, the man traveled to Paris following a marathon in a neighboring country, seizing the opportunity to visit the iconic city. This spontaneous decision ultimately led to his arrest. Investigators located the hotel where he was staying, enabling them to establish surveillance and apprehend him shortly after one of his runs.
Following the arrest, law enforcement launched an intensive operation, traveling to Cyprus to search the suspect’s residence. This swift action aimed to secure evidence and prevent its destruction.
The suspect was initially identified through the analysis of cryptocurrency wallets and open-source intelligence investigations. Hive, active since June 2021, had specialized in ransomware attacks. The group’s operations were shut down in January 2023 through an international effort that dismantled its infrastructure.
During its two years of activity, Hive caused significant damage to over 1,500 organizations worldwide, including 59 in France. The group’s total earnings exceeded $100 million.