Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hunters International. Show all posts
World Leaks
Armenia Cyber Security Hunters International RaaS Group Threat Intelligence World Leaks

'Hunters International' RaaS Outfit Shuts Down Its Operation

 

Hunters International, a ransomware-as-a-Service (RaaS) outfit, shut down operations and will provide free decryptors to victims seeking to restore their data without paying a ransom. 

"After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with," the ransomware outfit notes in a statement published on its dark web.

"As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms.”

The attackers also erased all entries from the extortion platform and stated that firms whose systems were encrypted in Hunters International ransomware assaults can access decryption tools and recovery guidance from the gang's official website. 

While the ransomware group does not specify what "recent developments" it alludes to, the latest development follows a November 17 statement stating that Hunters International will soon cease operations due to growing law enforcement scrutiny and diminishing profitability. 

In April, threat intelligence firm Group-IB also disclosed that Hunters International had started a new extortion-only operation dubbed "World Leaks" and was rebranding with plans to zero in on data theft and extortion-only attacks. 

Group-IB stated at the time that "World Leaks operates as an extortion-only group using a custom-built exfiltration tool, in contrast to Hunters International, which combined encryption with extortion." The new tool seems to be an improved version of the Storage Software exfiltration tool that Hunters International's ransomware affiliates used. 

Due to code similarities, security researchers and ransomware specialists identified Hunters International, which surfaced in late 2023, as a potential rebranding of Hive. The malware from the ransomware group supports x64, x86, and ARM architectures and targets a variety of platforms, including Windows, Linux, FreeBSD, SunOS, and ESXi (VMware servers). 

Hunters International has attacked businesses of all sizes over the last two years, demanding ransoms ranging from hundreds of thousands to millions of dollars, depending on the size of the compromised organisation. The ransomware group has claimed credit for around 300 attacks worldwide, making it one of the most active ransomware campaigns in recent years. 

The ransomware outfit has claimed several notable victims, including the United States Marshals Service, the Japanese optical firm Hoya, Tata Technologies, the North American car dealership AutoCanada, the United States Navy contractor Austal USA, and Integris Health, Oklahoma's largest non-profit healthcare network.
Read more »
Ransomware
Data Theft Hunters International malware Ransomware

Cybercrime Group Changes Plans: Drops Ransomware, Focuses on Data Theft

 



A cybercriminal group known for ransomware attacks has decided to stop using those methods and instead focus only on stealing information and demanding money in return. The group, called Hunters International, has rebranded and is now running a new operation.

This group had earlier announced in November 2024 that it would stop its activities. They claimed it was because of low profits and growing attention from police and other authorities. But cybersecurity experts discovered that the group didn’t actually stop – they just changed their approach.

Now, under a new name, World Leaks, the group has returned. Instead of locking people’s files and asking for payment to unlock them, they now secretly steal private data from computers and threaten to release it online unless they’re paid.

According to cybersecurity researchers at Group-IB, the people working with this group are being given a special tool. This software helps them quickly and quietly copy important files from an organization’s systems. It’s believed to be a newer version of a tool they’ve used in the past.

In their earlier version, Hunters International combined two actions: they locked systems (ransomware) and demanded money, and also stole data. But now, they are only stealing data and skipping the system lockout part, which brings less risk and may be harder for authorities to detect.

Hunters International first appeared in late 2023 and was suspected to be connected to an older cyber gang called Hive. Their malware could attack many types of computer systems, including those used by businesses, governments, and servers for virtual machines.

Since then, the group has been behind over 280 attacks on organizations across the globe. They’ve gone after major companies, government bodies, hospitals, and even defense-related firms. In one serious case, they threatened to release personal health records of over 800,000 patients if they weren’t paid.

The group has been targeting companies of all sizes. Experts have seen ransom demands vary, sometimes reaching millions, depending on how large or important the organization is.

Experts say that this shift shows how cybercriminals are always changing tactics to stay ahead. With ransomware becoming riskier and less profitable, many groups may now turn to stealing data as their main method.

To stay safe, organizations should improve their security systems, watch for unusual access, and take steps to protect sensitive data before it’s too late.


Read more »
Subscribe to: Posts (Atom)