The notorious Hunters International Ransomware-as-a-Service operation has announced that it has officially closed down its operations. The cybercrime gang published a statement on its dark web leak site today regarding this decision. The group is offering free decryption software to all companies that have been impacted by its ransomware. Their stated goal is to ensure that victims can recover their encrypted data without the burden of paying ransoms.
While the group doesn’t explain the “recent developments,” the announcement may be part of a rebranding attempt. Threat intelligence firm Group-IB revealed in April that Hunters International was rebranding with plans to focus on extortion. The group had launched a new, extortion-only operation that is known to researchers as “World Leaks.” Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group. It uses a custom-built exfiltration tool that appears to be an upgraded version of their previous software.
This announcement follows a November statement saying that the group would soon shut down due to increased scrutiny.
The ransomware gang Hunters International first emerged on the threat landscape in the latter part of the year 2023. It was flagged by security researchers and ransomware experts as a potential rebrand of the Hive ransomware group. This assessment was based on significant code similarities between the two different ransomware operations. The group’s malware targets a wide range of platforms, including Windows, Linux, FreeBSD, SunOS, and also ESXi. Some researchers believe Hive operators started Hunters to avoid being tied to their old, dismantled ransomware group.
Over the last two years, Hunters International has targeted companies of all sizes with its ransomware attacks.
Their ransom demands ranged from hundreds of thousands to millions of dollars depending on the organization’s size. The ransomware gang has claimed responsibility for almost 300 different attacks on companies and organizations worldwide. This has made it one of the most active ransomware operations in recent years, according to cybersecurity researchers. Notable victims claimed by Hunters International include the U.S. Marshals Service and Japanese optics giant Hoya.
Reference:
