FlagThis

The Ransomware-as-a-Service (RaaS) group Hunters International has reportedly shifted its focus from ransomware to data extortion, rebranding itself as "World Leaks" on January 1, 2025. This change in tactics signals a new era in cybercrime, driven by the declining profitability of ransomware and increased scrutiny from law enforcement and governments worldwide. Group-IB researchers revealed that the group's senior personnel decided ransomware was becoming too "unpromising, low-converting, and extremely risky," leading to the development of an extortion-only operation.

The group is reportedly leveraging custom-built exfiltration tools to automate data theft from victim networks, enhancing their ability to carry out extortion-only attacks. Cybersecurity researchers have also linked Hunters International to the infamous Hive ransomware group. There are suggestions that they acquired Hive’s source code and operational tools. While Hunters International denies being a direct continuation of Hive, evidence suggests that they acquired Hive’s source code and operational tools. The group targets various industries, including healthcare, real estate, and professional services, across North America, Europe, and Asia.

ImgSrc: www.bleepstatic

References :

• The DefendOps Diaries: Hunters International's shift to data extortion: a new era in cybercrime.
• BleepingComputer: Hunters International shifts from ransomware to pure data extortion.
• Cyber Security News: Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems
• The Register - Security: Crimelords at Hunters International tell lackeys ransomware too 'risky'

Classification:

• HashTags: #Cybercrime #DataExtortion #Ransomware
• Target: Organizations
• Attacker: Hunters International
• Type: Ransomware
• Severity: Medium