Notorious Hunters International ransomware group announces sudden shutdown
The notorious Hunters International ransomware group has announced its closure. It will provide free decryption software to its previous victims, citing 'recent developments' as the reason for its decision. This marks the second time the group has attempted to shut down, having made a similar announcement in November 2023.
Hunters International operated for nearly two years, extorting hundreds of victims, including high-profile targets like a prominent cancer center and the U.S. Marshals Service. The group's decryption software was widely criticized by incident responders for its poor design. Earlier this year, cybersecurity firm Group-IB revealed that Hunters International planned to relaunch as an extortion-only service called WorldLeaks, which is currently operational and shares the same design.
Group-IB's research also suggested that some administrators of both Hunters International and WorldLeaks may have previously been involved with the Hive operation, which was shut down by law enforcement in 2023. Hunters International claimed to have purchased Hive's source code, but this claim is suspected to be an attempt to distance Hive operators from the new group.
Despite the group's announcement, it remains unclear how many of Hunters International's targets were actual victims of encryption attacks. The group's decision to shut down and provide free decryption software may be an attempt to evade further scrutiny. However, with WorldLeaks currently operational and sharing similarities with Hunters International, the cybersecurity community remains vigilant.
