Ethical Hacking News
Hunters International, a notorious ransomware-as-a-service operation, has shut down its activities after just two years of operation. The group will offer free decryptors to help victims recover their data without paying a ransom. This development is a significant blow to the group's reputation and activity level, and highlights the effectiveness of law enforcement efforts in disrupting ransomware operations.
Hunters International, a notorious ransomware-as-a-service operation, has shut down its operations after two years. The group had announced plans to rebrand in April 2025, focusing on data theft and extortion-only attacks. Hunters International targeted companies worldwide, with ransom demands ranging from hundreds of thousands to millions of dollars. The group claimed responsibility for almost 300 attacks, including notable victims like the U.S. Marshals Service and Japanese optics giant Hoya. The shutdown is believed to be due to increased law enforcement scrutiny and declining profitability.
Hunters International, a notorious ransomware-as-a-service (RaaS) operation, has officially shut down its operations after just two years of activity. The news comes as a surprise to the cybersecurity community, given that the group had announced plans to rebrand and focus on data theft and extortion-only attacks in April 2025.
According to reports, Hunters International emerged in late 2023 and was flagged by security researchers and ransomware experts as a potential rebrand of Hive due to code similarities. The ransomware group's malware targets a wide range of platforms, including Windows, Linux, FreeBSD, SunOS, and ESXi (VMware servers), and it also comes with support for x64, x86, and ARM architectures.
Over the last two years, Hunters International has targeted companies of all sizes, with ransom demands ranging from hundreds of thousands to millions of dollars, depending on the size of the breached organization. The group claimed responsibility for almost 300 attacks worldwide, making it one of the most active ransomware operations in recent years.
Notable victims claimed by Hunters International include the U.S. Marshals Service, Japanese optics giant Hoya, Tata Technologies, North American automobile dealership AutoCanada, U.S. Navy contractor Austal USA, and Integris Health, Oklahoma's largest not-for-profit healthcare network. In December 2024, Hunters International also hacked the Fred Hutch Cancer Center, threatening to leak the stolen data of over 800,000 cancer patients if they were not paid.
However, in a stunning turn of events, Hunters International announced that it has decided to close its operations and will offer free decryptors to help victims recover their data without paying a ransom. According to the group's statement published on its dark web leak site, this decision was made after careful consideration and in light of recent developments.
The threat actors added that companies whose systems were encrypted in Hunters International ransomware attacks can request decryption tools and recovery guidance on the gang's official website. While the reason behind the shutdown is not explicitly stated, it is believed to be due to increased law enforcement scrutiny and declining profitability.
In April 2025, Group-IB revealed that Hunters International was rebranding with plans to focus on data theft and extortion-only attacks, and had launched a new extortion-only operation known as "World Leaks." Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool.
The shutdown of Hunters International marks a significant blow to the cybersecurity community, given the group's notoriety and activity level. However, it also serves as a reminder that law enforcement efforts can be effective in disrupting and dismantling ransomware operations.
In conclusion, the shutdown of Hunters International is a welcome development for the cybersecurity community, and highlights the importance of continued vigilance and cooperation between law enforcement agencies and cybersecurity experts.
Related Information:
https://www.ethicalhackingnews.com/articles/Hunters-International-Ransomware-A-Rebranding-Scheme-Foiled-by-Law-Enforcement-ehn.shtml
https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-shuts-down-after-world-leaks-rebrand/
https://dailysecurityreview.com/security-spotlight/hunters-international-shifts-to-data-extortion-and-rebrands-as-world-leaks/
Published: Thu Jul 3 06:00:16 2025 by llama3.2 3B Q4_K_M