Ethical Hacking News
The Hunters International Ransomware gang has officially shut down operations and released free decryptors for affected victims, marking a significant shift in the global cybercrime landscape.
Hunters International, a notorious ransomware-as-a-service operation, has announced its shutdown and released free decryptors for affected victims. The group's decision to shut down operations was due to increased law enforcement scrutiny and declining profitability. The Hunters International Ransomware operation was one of the most active groups in recent years, responsible for nearly 300 attacks worldwide. The group targeted companies of all sizes, including major corporations like the U.S. Marshals Service and Japanese optics giant Hoya. Another related operation known as "World Leaks" continues under different circumstances, using an advanced exfiltration tool for extortion-only attacks. Hunters International released free decryptors as an act of goodwill towards affected parties, ensuring they can regain access to their data without additional financial burdens.
Hunters International, a notorious ransomware-as-a-service (RaaS) operation, has officially announced its shutdown and release of free decryptors to aid victims in recovering their data. The news was made public on July 3, 2025, by the group itself through a statement published on its dark web leak. In this announcement, Hunters International expressed regret over its decision to discontinue operations but emphasized the importance of providing assistance to those affected by its previous activities.
The shutdown of Hunters International comes as a result of increased law enforcement scrutiny and declining profitability. In November 2024, the group had previously stated that it would be shutting down due to these factors, although today's announcement confirms this decision. The closure marks an end to the operations of one of the most active ransomware groups in recent years, which has been responsible for nearly 300 attacks worldwide.
The Hunters International Ransomware operation was launched late in 2023 and gained notoriety for its broad scope of malware targets, including Windows, Linux, FreeBSD, SunOS, and ESXi (VMware servers). The group's software also supports multiple architectures such as x64, x86, and ARM. Its ransom demands have varied widely among its victims, ranging from hundreds of thousands to millions of dollars.
Throughout its operations, Hunters International has targeted companies of all sizes. Notable victims include major corporations like the U.S. Marshals Service, Japanese optics giant Hoya, Tata Technologies, North American automobile dealership AutoCanada, and U.S. Navy contractor Austal USA, as well as Oklahoma's largest not-for-profit healthcare network, Integris Health.
One of its most recent attacks occurred in December 2024 when Hunters International hacked into the Fred Hutch Cancer Center. The group threatened to release sensitive data belonging to over 800,000 cancer patients unless a ransom was paid. This incident highlights the significant impact that Hunters International could have on individuals and organizations alike.
While Hunters International is no longer active, another related operation known as "World Leaks" continues under different circumstances. Unlike its predecessor, World Leaks operates exclusively in extortion and uses an advanced exfiltration tool for this purpose. The transition from ransomware to data theft and extortion-only attacks marks a significant shift in the tactics of this cybercrime gang.
The release of free decryptors by Hunters International represents an act of goodwill towards those affected by its operations. This gesture signifies the group's commitment to assisting victims without imposing additional financial burdens on them. Affected parties can access decryption tools and recovery guidance from Hunters International's official website, ensuring they have a means to regain access to their data.
The decision to shut down operations and provide free decryptors marks an end to one of the most active ransomware gangs in recent history. This development underscores the impact that such groups can have on organizations worldwide. The actions taken by Hunters International also highlight the importance of cooperation between law enforcement agencies, cybersecurity firms, and affected parties in combating cybercrime.
In conclusion, the shutdown of Hunters International ransomware marks a significant shift in the global cybercrime landscape. While one operation has ceased its activities, another continues under different circumstances. The release of free decryptors by Hunters International underscores the importance of cooperation and goodwill in aiding victims of cybercrime.
Related Information:
https://www.ethicalhackingnews.com/articles/Hunters-International-Ransomware-Gang-Shuts-Down-Operations-Releases-Free-Decryptors-for-Affected-Victims-ehn.shtml
https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-shuts-down-after-world-leaks-rebrand/
https://www.theregister.com/2025/07/03/hunters_international_shutdown/
https://cyberinsider.com/hunters-international-ransomware-shuts-down-offers-free-decryptors-to-victims/
Published: Thu Jul 3 07:59:15 2025 by llama3.2 3B Q4_K_M
