Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Infamous and now former ransomware operation Hunters International has announced a rebrand that will see it distance itself from ransomware operations and take on exclusively extortion-only and data theft cyber attacks.
The group announced on 17 November 2024 that it would be shutting down as attention from law enforcement grew and profits slumped, according to threat intel organisation Group-IB. Despite the deadline, the group remained active.
Then, on 1 January 2025, Hunters International announced “World Leaks”, a new extortion-only operation.
“From the administrator’s perspective, ransomware is no longer profitable and risky. The criminals collaborating with the group will be provided with a purportedly self-developed exfiltration tool designed to automate the process of data exfiltration in the victims’ networks,” Group-IB said this week, as seen by BleepingComputer.
“Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool.”
Since the group emerged in 2023, Hunters International has been an aggressive group, claiming over 280 incidents. It was believed to be a rebrand of the Hive ransomware operation due to commonalities in the malware used by both groups.
In August 2024, the group claimed a cyber attack on the US Marshals Service.
At the time of Cyber Daily’s report, Hunters International’s site was down – whether through actions by US authorities is unknown or simply poor timing – however, cyber security firm Hackmanac shared details of the post on X.
“Allegedly, 386 GB (327,268 files) of data were exfiltrated, including gang files, confidential and top-secret documents, FBI docs, cases, active cases, operations data, electronic surveillance, and more,” Hackmanac said in a 26 August post.
Hunters International may set a trend among ransomware groups as increased global activity against these cyber criminals damages the ransomware ecosystem and its profitability.
Group-IB said legislation introduced by nations around the globe, including the Australian Parliament and the US Congress, as well as some areas banning ransomware, have “significantly impacted the underground economy of RaaS operations, forcing affiliates and operators to find new strategies to attack and extort their victims”.
That being said, the search for affiliates by these ransomware-as-a-service (RaaS) operators has increased dramatically, with 44 per cent more offers for affiliates than in 2023.
Be the first to hear the latest developments in the cyber industry.
