Hunters International ransomware shuts down, offers free decryptors
▼ Summary
– Hunters International Ransomware-as-a-Service (RaaS) has shut down and is offering free decryptors to victims to recover data without ransom payments.
– The group cited “recent developments,” likely referring to increased law enforcement scrutiny and declining profitability, as reasons for closing.
– Hunters International previously rebranded to focus on data theft and extortion-only attacks under the new operation “World Leaks.”
– The ransomware group targeted various platforms and claimed responsibility for nearly 300 attacks globally, including high-profile victims like the U.S. Marshals Service and Integris Health.
– In December 2024, the group hacked the Fred Hutch Cancer Center, threatening to leak data of over 800,000 cancer patients if unpaid.
The Hunters International ransomware group has unexpectedly ceased operations, providing free decryption tools to victims rather than demanding ransom payments. This surprising move comes after months of high-profile cyberattacks targeting organizations worldwide.
In a statement posted on its dark web leak site, the cybercriminal group announced its decision to shut down, citing “recent developments” as the reason. “We recognize the impact of our actions and, as a gesture of goodwill, are offering free decryption software to all affected organizations,” the group wrote. The announcement also confirmed the removal of all victim data from its extortion portal, allowing companies to request recovery assistance directly.
While the group did not specify the exact reasons behind its sudden exit, security analysts point to increasing law enforcement pressure and declining profits as likely factors. Just last November, Hunters International hinted at an impending shutdown, acknowledging heightened scrutiny from authorities.
Recent intelligence reports suggest the group may have shifted focus to pure data theft rather than ransomware attacks. Cybersecurity firm Group-IB previously linked Hunters International to a new extortion-only operation called “World Leaks,” which specializes in stealing and leaking sensitive data without encryption. The group’s latest tool appears to be an upgraded version of the malware used in earlier ransomware campaigns.
First appearing in late 2023, Hunters International quickly gained notoriety for its aggressive tactics and broad target range. Security experts noted striking similarities between its malware and that of the notorious Hive ransomware group, fueling speculation of a rebrand. The group’s attacks spanned multiple operating systems, including Windows, Linux, and VMware ESXi servers, making it a significant threat to enterprises worldwide.
Over the past two years, Hunters International claimed responsibility for nearly 300 attacks, demanding ransoms ranging from hundreds of thousands to millions of dollars. Among its high-profile victims were the U.S. Marshals Service, Japanese optics leader Hoya, and Integris Health, Oklahoma’s largest nonprofit healthcare provider.
One particularly alarming incident involved the Fred Hutch Cancer Center, where the group threatened to expose sensitive data belonging to over 800,000 cancer patients unless paid. The shutdown raises questions about whether law enforcement pressure or internal disputes led to the group’s abrupt exit, and whether its members will resurface under a new name.
For now, affected organizations have an unexpected opportunity to recover encrypted files without paying a ransom. However, cybersecurity experts warn that similar groups may fill the void left by Hunters International, continuing the cycle of cyber extortion.
(Source: BLEEPINGCOMPUTER)
