Hunters International Ransomware Group Shuts Down; Offers Free Decryptors
The Hunters International threat group announced on Thursday that its operation is being shut down and claimed that it will be publishing the decryption keys to allow victims of its ransomware attacks to recover any encrypted files for free. Hunters International is a Russian-speaking ransomware-as-a-service group that recruits affiliates to breach corporate networks and encrypt files in exchange for a cut of any profits they generate. The group had no qualms about attacking healthcare organizations, having claimed many victims over the past 18 months.
“After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with,” wrote the group in a notice on its website. “As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms.”
Ransomware groups often shape-shift, shutting down an operation, then restarting under a new name with a new encryptor and infrastructure. Hunters International appears to have already started that process, having launched World Leaks earlier this year, a data leak website where victims are named and stolen data is leaked if a ransom is not paid. The launch of the new data leak site coincided with a change in the group’s tactics, with the group suggesting it would be abandoning ransomware to concentrate on data theft and extortion. It is currently unclear whether the shutdown of its operation is linked to the creation of World Leaks.
“We understand the challenges that ransomware attacks pose, and we hope that this initiative will help you regain access to your critical information swiftly and efficiently. To access the decryption tools and receive guidance on the recovery process, please visit our official website,” the group wrote. “We appreciate your understanding and cooperation during this transition. Our commitment to supporting affected organizations remains our priority as we conclude our operations.” No free decryptor has yet been made available on its website.
Hunters International is thought by some to be a rebrand of a different ransomware group – Hive. Hive was shut down after an international law enforcement operation. The Federal Bureau of Investigation (FBI) infiltrated the group in July 2022 and, in coordination with several law enforcement agencies in other countries, seized control of its servers. The takedown was announced by the Department of Justice in January 2023, and Hunters emerged in October 2023. Hunters used the Hive encryptor, although the group claimed it purchased the source code from Hive and was not a rebrand of the Hive group.
Despite establishing World Leaks, the group continued to post victims of encryption attacks on its data leak site. A spokesperson for the World Leaks site claimed they split with Hunters International some time ago, according to databreaches.net. That suggests that World Leaks is a breakaway group, and if that statement is to be believed, Hunters International could have decided to permanently close down its operation, although the group may simply reinvent itself under a new name at some point in the future.


