The recent cyber attack on Japanese optics giant Hoya has turned out to be a ransomware attack by Hunters International, which is demanding US$10 million to prevent the release of exfiltrated data.
Hoya Optics initially released a statement on 1 April saying it had experienced an “IT incident” late in March. The statement gave no indication of a cyber attack, but said the incident had led to some of its systems going offline.
However, in a PDF advisory on the incident, Hoya described an event that indicates the outage may have been caused by a cyber attack, saying it was most likely that a third party had accessed its systems.
“In the morning of March 30, 2024, we discovered a discrepancy in system behaviour at one of our overseas offices and confirmed that a system failure had occurred,” it said.
“We also engaged external forensic investigators who reported that this incident was most likely caused by unauthorised access to our servers by a third party.”
Now, as first reported by French publication LeMagIT, the infamous Hunters International ransomware gang has claimed responsibility for the attack and has listed the company’s data for a whopping $10 million.
According to the threat group, it exfiltrated 1.7 million files that make up two terabytes of data. Additionally, Hunters International has said that with this ransom, there is no negotiation or available discount.
Hoya has yet to provide an update since its initial press release earlier this month.
Hunters International is a relatively young ransomware gang, having first appeared in October last year. In a short time, it has launched a number of high-profile attacks, including on the US subsidiary of Australian shipbuilder and defence contractor Austal.
While Hunters International’s origins are up for debate, several cyber experts have concluded that the group appeared out of the ashes of the Hive ransomware group, which was taken down by the FBI midway through last year.
Based on reports, Hunters International has been observed using the same malware code as Hive, with researchers noting a number of substantial code overlaps.
“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” wrote Bitdefender in a report.
“While Hive has been one of the most dangerous ransomware groups, it remains to be seen if Hunters International will prove equally or even more formidable.”