CyberSecurityBoard
Sponsor Register Login

Hunters International ransomware shuts down after World Leaks rebrand

​"Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool," Group-IB said at the time, adding that the new tool appears to be an upgraded version of the Storage Software exfiltration tool used by Hunters International's ransomware affiliates. The threat actors added that companies whose systems were encrypted in Hunters International ransomware attacks can request decryption tools and recovery guidance on the gang's official website. While the ransomware group doesn't explain what "recent developments" it refers to, today's announcement follows a November 17 statement saying that Hunters International will soon shut down because of increased law enforcement scrutiny and declining profitability. Notable victims claimed by Hunters International include the U.S. Marshals Service, Japanese optics giant Hoya, Tata Technologies, North American automobile dealership AutoCanada, U.S. Navy contractor Austal USA, and Integris Health, Oklahoma's largest not-for-profit healthcare network. ​The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom. ​Hunters International emerged in late 2023 and was flagged by security researchers and ransomware experts as a potential rebrand of Hive due to code similarities. Over the last two years, Hunters International has targeted companies of all sizes, with ransom demands ranging from hundreds of thousands to millions of dollars, depending on the size of the breached organization. In December 2024, Hunters International also hacked the Fred Hutch Cancer Center, threatening to leak the stolen data of over 800,000 cancer patients if they were not paid. "After careful consideration and in light of recent developments, we have decided to close the Hunters International project.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 03 Jul 2025 10:55:14 +0000


Cyber News related to Hunters International ransomware shuts down after World Leaks rebrand

Hunters International ransomware shuts down after World Leaks rebrand - ​"Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool," Group-IB said at the time, adding that the new tool appears to be an upgraded ...
4 days ago Bleepingcomputer.com Hunters
New Hunters International ransomware possible rebrand of Hive - A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag. This theory is supported by ...
1 year ago Bleepingcomputer.com Hunters
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
4 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
3 months ago Cybersecuritynews.com
Hunters International shifts from ransomware to pure data extortion - Notable victims claimed by Hunters International include Tata Technologies, North American automobile dealership AutoCanada, U.S. Marshals Service, Japanese optics giant Hoya, U.S. Navy contractor Austal USA, and Oklahoma's largest not-for-profit ...
3 months ago Bleepingcomputer.com Hunters
Optics giant Hoya hit with $10 million ransomware demand - A recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. Hoya is a Japanese company ...
1 year ago Bleepingcomputer.com Hunters
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
1 year ago Darkreading.com Hunters
Pathfinder AI - Hunters Announces New AI Capabilities with for Smarter SOC Automation - “Hunters has already made a significant impact on our security operations by reducing manual investigations, streamlining data ingestion, and improving threat visibility. Unlike static rule-based automation, Agentic AI dynamically adapts, ...
4 months ago Cybersecuritynews.com Hunters
Hunters International ransomware claims attack on Tata Technologies - The Hunters International ransomware gang has claimed responsibility for a January cyberattack attack on Tata Technologies, stating they stole 1.4TB of data from the company. With no further updates have been shared by the company for over a month, ...
4 months ago Bleepingcomputer.com Hunters
Ransomware gang behind threats to Fred Hutch cancer patients - The Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center that resulted in patients receiving personalized extortion threats. Fred Hutch is a Seattle-based cancer research and patient care and ...
1 year ago Bleepingcomputer.com Hunters
Threat actors target Austal USA in ransomware attack, US Navy data at risk - The US subsidiary of Australian shipbuilding company Austal has been hit by a ransomware attack, raising concerns that US Navy information has been compromised. As seen by Cyber Daily through FalconFeeds, the attack on Austal USA was conducted by the ...
1 year ago Cyberdaily.au Hunters
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
ALPHV ransomware site outage rumored to be caused by law enforcement - A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours. The ALPHV negotiation and data leak sites suddenly became unavailable yesterday and continue to remain down today. ...
1 year ago Bleepingcomputer.com Ragnar Locker
DP World confirms data stolen in cyberattack, no ransomware used - International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. The company says no ransomware payloads or encryption was used in the attack. On November ...
1 year ago Bleepingcomputer.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta
Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
1 year ago Bleepingcomputer.com
French police arrests Russian suspect linked to Hive ransomware - French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments. The suspect was apprehended after the French Anti-Cybercrime Office linked him to digital wallets ...
1 year ago Bleepingcomputer.com Hunters
Ransomware review: January 2024 - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. In February, there were 376 ransomware victims, marking an unusually active month for the historically subdued time period. February didn't ...
1 year ago Malwarebytes.com LockBit Black Basta
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Tata Technologies' data leaked by ransomware gang | TechCrunch - A ransomware group called Hunters International has published some of the data it claims to have stolen from Tata Technologies, just over a month after the Indian company confirmed a ransomware attack that resulted in the suspension of some services. ...
3 months ago Techcrunch.com Hunters
Navy contractor Austal USA confirms cyberattack after data leak - Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense and the Department of Homeland Security confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. The company is based in ...
1 year ago Bleepingcomputer.com Hunters

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)