Powered by MOMENTUM MEDIA

Hunters International rebrands away from ransomware

Infamous and now former ransomware operation Hunters International has announced a rebrand that will see it distance itself from ransomware operations and focus exclusively on extortion and data theft cyber attacks.


The group announced on 17 November 2024 that it would be shutting down as attention from law enforcement grew and profits slumped, according to threat intel organisation Group-IB. Despite the deadline, the group remained active.

Then, on 1 January 2025, Hunters International announced “World Leaks”, a new extortion-only operation.

“From the administrator’s perspective, ransomware is no longer profitable and risky. The criminals collaborating with the group will be provided with a purportedly self-developed exfiltration tool designed to automate the process of data exfiltration in the victims’ networks,” Group-IB said this week, as seen by BleepingComputer.

“Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool.”

Since emerging in 2023, Hunters International has been an aggressive group, claiming over 280 incidents. It was believed to be a rebrand of the Hive ransomware operation due to commonalities in the malware used by both groups.

In August 2024, the group claimed a cyber attack on the US Marshals Service.

At the time of Cyber Daily’s report, Hunters International’s site was down. Whether that was through actions by US authorities or simply poor timing is unknown; however, cyber security firm Hackmanac shared details of the post on X.

“Allegedly, 386 GB (327,268 files) of data were exfiltrated, including gang files, confidential and top-secret documents, FBI docs, cases, active cases, operations data, electronic surveillance, and more,” Hackmanac said in a 26 August post.

Hunters International may set a trend among ransomware groups as increased global activity against these cyber criminals damages the ransomware ecosystem and its profitability.

Group-IB said legislation introduced by nations around the globe, including the Australian Parliament and the US Congress, as well as some areas banning ransomware, have “significantly impacted the underground economy of RaaS operations, forcing affiliates and operators to find new strategies to attack and extort their victims”.

That being said, the search for affiliates by these ransomware-as-a-service (RaaS) operators has increased dramatically, with 44 per cent more offers for affiliates than in 2023.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.