CyberSecurity news
FlagThis
@www.bleepingcomputer.com
//
The Hunters International ransomware operation has announced its shutdown, stating they will release free decryption keys to their past victims. The group made the announcement on its dark web leak site, removing all previous victim data. In a statement, Hunters International acknowledged the impact their actions have had on organizations, stating the decision to close down was not made lightly. Victims are instructed to visit the ransomware gang's website to obtain the decryption keys and recovery guidance, though some sources indicate victims need to log in to a portal mentioned in the ransom note using existing credentials to obtain the decryption software.
The move to shut down has been met with skepticism from the threat intel community. Several ransomware gangs in the past have released their victims’ decryption keys, then shut down, each of them for different reasons. Some shut down only to return under a new name, perhaps in an attempt to confuse researchers and law enforcement agencies and sometimes toescape sanctions. There is speculation that Hunters International may be rebranding and transitioning to new infrastructure to avoid increased scrutiny from law enforcement. It emerged in late 2023 and was flagged by security researchers and ransomware experts as apotential rebrand of Hive, which had its infrastructure seized earlier that year.
Reports indicate that Hunters International launched a separate platform named "World Leaks" in January, advising its affiliates to switch to this new operation. At the time, the group claimed that encryption-based ransomware was no longer profitable and they would be shifting to a hack-and-extort model. However, some sources have found World Leaks victims who also had ransomware deployed on their networks. Hunters International has been linked to almost 300 attacks worldwide including India's Tata Technologies and the US Marshals Service and has earned millions in cryptocurrency.
ImgSrc: www.bleepstatic
References :
The move to shut down has been met with skepticism from the threat intel community. Several ransomware gangs in the past have released their victims’ decryption keys, then shut down, each of them for different reasons. Some shut down only to return under a new name, perhaps in an attempt to confuse researchers and law enforcement agencies and sometimes toescape sanctions. There is speculation that Hunters International may be rebranding and transitioning to new infrastructure to avoid increased scrutiny from law enforcement. It emerged in late 2023 and was flagged by security researchers and ransomware experts as apotential rebrand of Hive, which had its infrastructure seized earlier that year.
Reports indicate that Hunters International launched a separate platform named "World Leaks" in January, advising its affiliates to switch to this new operation. At the time, the group claimed that encryption-based ransomware was no longer profitable and they would be shifting to a hack-and-extort model. However, some sources have found World Leaks victims who also had ransomware deployed on their networks. Hunters International has been linked to almost 300 attacks worldwide including India's Tata Technologies and the US Marshals Service and has earned millions in cryptocurrency.
ImgSrc: www.bleepstatic
Share:
References :
- infosec.exchange: NEW: The ransomware gang called Hunters International says it's shutting down and giving victims free decryption tools. “This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with,
- Risky.Biz: Risky Bulletin: Hunters International ransomware shuts down and releases decryption keys
- Risky Business Media: Risky Bulletin: Hunters International ransomware shuts down, releases decryption keys
- techcrunch.com: Ransomware gang Hunters International says it’s shutting down
- www.bleepingcomputer.com: Hunters International ransomware shuts down, releases free decryptors
- Talkback Resources: Hunters International Ransomware Gang Rebrands as World Leaks
- www.bitdefender.com: Hunters International ransomware group shuts down – but will it regroup under a new guise?
- www.bleepingcomputer.com: Hunters International ransomware shuts down, releases free decryptors
- techcrunch.com: NEW: The ransomware gang called Hunters International says it's shutting down and giving victims free decryption tools.
- The Register - Security: Another news article covering Hunters International's shutdown.
- Graham Cluley: Mastodon post discussing the Hunters International shutdown and possible rebranding.
- slcyber.io: Blog post discussing the shutdown and potential rebranding of the Hunters International ransomware group.
- bsky.app: Ransomware crew Hunters International shuts down, hands out keys to victims. Could law enforcement ops be having an impact on criminal confidence?
- www.itpro.com: A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
- news.risky.biz: Risky Bulletin: Hunters International ransomware shuts down and releases decryption keys
- securityaffairs.com: Hunters International ransomware gang shuts down and offers free decryption keys to all victims
- WeLiveSecurity: WeLiveSecurity reports Hunters International ransomware group shuts down – but will it regroup under a new guise?
Classification:
- HashTags: #Ransomware #Cybersecurity #DataBreach
- Company: Hunters International
- Target: Victims of Hunters International
- Attacker: Hunters International
- Product: ransomware
- Feature: decryption
- Malware: Hunters International
- Type: Ransomware
- Severity: Major