New Hunters International ransomware possible rebrand of Hive

A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag. This theory is supported by analysis of the new encryptor revealing multiple code overlaps between the two ransomware gangs. Security researchers analyzing a sample of the Hunters International malware discovered a striking resemblance to the code used in Hive ransomware attacks. More specifically, malware analyst and reverse engineer rivitna, who first spotted the new encryptor, came to the conclusion that Hunters International malware was a sample of Hive ransomware version 6. In replies to the tweet above, security researcher Will Thomas shares that he found "Some maintained Hive ransomware strings" in the Hunters International code. Looking closer at the Hunters International sample, the researcher discovered code overlaps and similarities that match more than 60% of the code in Hive ransomware. The Hunters International group is denying the researchers' "Allegations" saying that they are a new service on the ransomware scene who purchased the encryptor source code from the Hive developers. "All of the Hive source codes were sold including the website and old Golang and C versions and we are those who purchased them," the Hunters International gang says. Hive International claims that Hive's code contained "a lot of mistakes that caused unavailability for decryption in some cases" but they fixed it. The new gang says that encryption is not the main goal of their operation, instead focusing on stealing data as leverage when extorting victims into paying a ransom demand. From analysis by BleepingComputer, Hunters International's encryptor appends the ". The malware leaves in each directory a plaintext file named "Contact Us.txt" with instructions for the victim to contact the attacker over Tor, through a chat page that is protected by a login specific for each victim. At the moment, their data leak site lists only one victim, a school in the UK, from where the attackers claim to have stolen almost 50,000 files consisting of data about students and teachers along with network and web credentials. As spotted by MalwareHunterTeam, Hunters International's data leak site shows a set of messages, likely in an attempt to share with the world that they mean serious business and "Hunting" for victims and extorting them is their main purpose. It remains to be seen what fate awaits Hunters International's but with one victim published on their data leak site, the group does not appear to be too active. Whether Hive ransomware sold the source code to other cybercriminals or not, remains unknown at the moment but the gang's operations came to a sudden stop after its Tor payment and data leak site were seized in an international operation in January. Disrupting the ransomware operation, which had 250 affiliates, was possible after the FBI had infiltrated the gang's infrastructure and monitored the activity for six months, since July 2022. According to the FBI, the gang breached more than 1,300 companies and recived ransom payments of about $100 million. The agency's activity allowed it to provide more than 1,300 decryption keys to Hive ransomware victims that had been encrypted before and after the FBI gained access to the attacker's environments.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to New Hunters International ransomware possible rebrand of Hive

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
New Hunters International ransomware possible rebrand of Hive - A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag. This theory is supported by ...
11 months ago Bleepingcomputer.com
French police arrests Russian suspect linked to Hive ransomware - French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments. The suspect was apprehended after the French Anti-Cybercrime Office linked him to digital wallets ...
11 months ago Bleepingcomputer.com
Optics giant Hoya hit with $10 million ransomware demand - A recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. Hoya is a Japanese company ...
7 months ago Bleepingcomputer.com
Threat actors target Austal USA in ransomware attack, US Navy data at risk - The US subsidiary of Australian shipbuilding company Austal has been hit by a ransomware attack, raising concerns that US Navy information has been compromised. As seen by Cyber Daily through FalconFeeds, the attack on Austal USA was conducted by the ...
11 months ago Cyberdaily.au
Ransomware gang behind threats to Fred Hutch cancer patients - The Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center that resulted in patients receiving personalized extortion threats. Fred Hutch is a Seattle-based cancer research and patient care and ...
11 months ago Bleepingcomputer.com
Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
11 months ago Darkreading.com
US offers $10 million for tips on Hive ransomware leadership - The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. The FBI says this ransomware group had extorted roughly $100 million from over 1,300 ...
9 months ago Bleepingcomputer.com
The Top 5 Ransomware Takedowns - Learn about the recent achievements in the fight against ransomware as law enforcement agencies and cybersecurity organizations successfully disrupt operations, seize infrastructure, and safeguard victims from further attacks. Trigona ransomware, a ...
11 months ago Securityboulevard.com
How the Hive Takedown Impacts Ransomware Prevention - Ransomware experts are widely praising the takedown of the notorious "Hive" criminal infrastructure, but the potential impacts it may have on preventing ransomware ongoing and into the future remains a matter of debate. ...
1 year ago Therecord.media
US Offers $10 Million Reward for Info About Hive Ransomware Leaders - The U.S. government appears eager to finish off what's left of the notorious Hive ransomware group, offering a $10 million reward for information that leads to the identification and location of any of the leaders of the gang. The State Department on ...
9 months ago Securityboulevard.com
Microsoft: Over 100 Threat Actors Deploy Ransomware in Attacks - Microsoft revealed that its security teams are tracking over 100 threat actors deploying ransomware during attacks. The company monitors over 50 unique ransomware families that were actively used until the end of last year, including Lockbit Black, ...
1 year ago Bleepingcomputer.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
8 months ago Bleepingcomputer.com
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
11 months ago Bleepingcomputer.com
How US is Offering a $10M Bounty for Links between Foreign Governments and the Hive Ransomware - The United States is offering a $10 million bounty to anyone who can provide information with clear links that demonstrate foreign government involvement in the Hive ransomware. Hive is a ransomware strain which has been used to threaten victims and ...
1 year ago Bleepingcomputer.com
US Offers $10M Reward for Information on Hive Ransomware Leaders - The US Department of State on Thursday announced a $10 million reward for information on leaders of the Hive ransomware cybergang. The announcement comes roughly one year after law enforcement took down the Hive ransomware operation and seized the ...
9 months ago Securityweek.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
10 months ago Securityboulevard.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
10 months ago Unit42.paloaltonetworks.com
Navy contractor Austal USA confirms cyberattack after data leak - Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense and the Department of Homeland Security confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. The company is based in ...
11 months ago Bleepingcomputer.com
INC ransomware source code selling on hacking forums for $300,000 - INC has previously targeted the U.S. division of Xerox Business Solutions, Yamaha Motor Philippines, and, more recently, Scotland's National Health Service. Simultaneously with the alleged sale, the INC Ransom operation is undergoing changes that ...
6 months ago Bleepingcomputer.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
10 months ago Feeds.fortinet.com
Royal ransomware may soon rebrand, BlackSuit links confirmed The Register - The FBI and the US govt's Cybersecurity and Infrastructure Security Agency have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand. The agencies didn't specify a ...
11 months ago Theregister.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
11 months ago Bleepingcomputer.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
9 months ago Malwarebytes.com
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
9 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)