Ethical Hacking News
Ransomware gang Hunters International has shut down, offering free decryptors to its victims as a parting favor. But experts warn that the group behind the operation may still be active under a new guise - World Leaks. What does this mean for the cybersecurity community? And how can businesses prepare themselves against future threats?
Hunters International, a notorious ransomware gang, announced its closure in April 2025.The group offered free decryptors to its victims as a parting favor.Hunters International was known for its high-profile attacks on organizations like Tata Technologies and ICBC's London office.The gang claimed it had abandoned ransomware due to the risks associated with its activities becoming too great.The group acknowledged using tactics similar to those employed by other ransomware groups, operating in a "grey" area between legitimate business activities and cybercrime.The closure of Hunters International is seen as a welcome development for the cybersecurity community, marking a shift against ransomware.
Ransomware has long been a scourge on businesses and organizations around the world, causing significant financial losses and disrupting operations. Recently, Hunters International, a notorious ransomware gang, announced its closure and offered free decryptors to all its victims as a parting favor. In this article, we will delve into the history of Hunters International, the reasons behind its decision to shut down, and what it means for the cybersecurity community.
Hunters International was first discovered in 2023, and quickly gained notoriety for its high-profile attacks on organizations such as Tata Technologies and ICBC's London office. The gang was known for its brazen tactics, including leaking sensitive data and threatening to release further information unless ransom demands were met. Despite its reputation, Hunters International seemed to be operating with a sense of detachment, almost as if it was merely going through the motions.
However, in April 2025, the group's leadership made a surprising announcement - that they had decided to abandon ransomware altogether. According to their statement, the risks associated with the gang's activities had become too great, and they were no longer willing to participate in what they saw as an ineffective and often counterproductive form of extortion.
"It has come to our attention that ransomware has become 'unpromising, low-converting, and extremely risky,'" said a spokesperson for Hunters International. "We have seen the devastating impact it can have on organizations, and we cannot bring ourselves to be a part of it anymore."
This decision was not without its caveats, however. The gang acknowledged that they had been using tactics that were similar to those employed by other ransomware groups, but claimed that they had been operating in an "extremely grey" area between legitimate business activities and outright cybercrime.
"We understand the challenges that ransomware attacks pose, and we hope that this initiative will help you regain access to your critical information swiftly and efficiently," said another spokesperson. "To access the decryption tools and receive guidance on the recovery process, please visit our official website."
Despite its claims of a change of heart, it is unlikely that Hunters International's decision to shut down was solely driven by a desire to reform or make amends for past wrongdoings. The gang has been accused of using tactics that were similar to those employed by other notorious ransomware groups, and there is evidence to suggest that some of the same individuals behind the operation are still active in the cybersecurity underworld.
In fact, just days after announcing its closure, a new group called World Leaks emerged on the dark web. According to researchers, this group is almost identical to Hunters International, with the same modus operandi and tactics.
"It's a marketing move to lure more affiliates," said an infosec veteran who wished to remain anonymous. "These groups are all just different names for the same type of operation - and they will continue to operate in much the same way until someone puts a stop to it."
As we look back on the history of Hunters International, it is clear that this gang was never simply about extortion or financial gain. Rather, it was about a complex web of motivations and desires, driven by a desire for power, control, and notoriety.
For the cybersecurity community, however, the closure of Hunters International is a welcome development. It marks a turning point in the ongoing struggle against ransomware, and a recognition that these groups are often more trouble than they're worth.
"We should be celebrating this," said a security expert who has been tracking the group's activities. "The fact that Hunters International is shutting down sends a clear message to other groups - you're not going to get away with this forever. We're getting smarter, we're getting better, and we're going to keep pushing back against these threats."
As for the future of cybersecurity, it remains uncertain. Will World Leaks or similar groups continue to operate in the shadows? Only time will tell.
But one thing is clear - the closure of Hunters International marks a significant shift in the ongoing battle against ransomware. And as we move forward into an increasingly complex and connected world, it's more important than ever that we stay vigilant and keep pushing back against these threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Hunters-International-Ransomware-Gang-Closes-Down-Offers-Free-Decryptors-to-Victims-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/07/03/hunters_international_shutdown/
https://www.msn.com/en-us/technology/cybersecurity/ransomware-crew-hunters-international-shuts-down-hands-out-keys-to-victims/ar-AA1HTBrN
https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-shuts-down-after-world-leaks-rebrand/
https://cybernews.com/security/hunters-international-retirement-decryption/
https://www.picussecurity.com/resource/blog/hunters-international-ransomware
Published: Thu Jul 3 08:24:38 2025 by llama3.2 3B Q4_K_M
