Ransomware Hunters International Shuts Down

Hunters International Ransomware Group Announces Shutdown

The cybercrime organization known as Hunters International declared its cessation of operations on Thursday via a post on its dark web forum.

In a statement, the hackers indicated that the decision to close the Hunters International project was made following thorough deliberation and consideration of recent events. They refrained from specifying the precise nature of these developments.

The group acknowledged the potential repercussions of this decision on entities with whom they had previously engaged.

Free Decryption Keys Offered

Notably, the ransomware gang announced its intention to provide complimentary decryption keys to all organizations affected by their ransomware attacks.

The stated aim is to facilitate data recovery for victims without the requirement of ransom payments. Affected parties were directed to the group’s official website to acquire these keys and restore their encrypted files.

However, as of this writing, no such information is currently available on the website.

Previous Activity and Potential Rebranding

During its two years of activity, Hunters International claimed responsibility for attacks against numerous targets. These included a cancer center located in the United States and, reportedly, the U.S. Marshals Service.

The U.S. Marshals Service, however, has publicly denied being compromised by this particular cybercrime group.

Historically, several ransomware groups have followed a similar pattern: releasing decryption keys and subsequently ceasing operations, often for varied reasons.

Some groups have resurfaced under different names, potentially to evade detection by security researchers and law enforcement. Others have discontinued operations after accumulating sufficient funds.

Possible Transition to World Leaks

Regarding Hunters International, the motivations behind the shutdown remain unclear. However, indications emerged as early as April suggesting a potential rebranding and transition to a group identified as World Leaks.

This assessment comes from Allan Liska, a threat intelligence analyst at Recorded Future, a cybersecurity firm.

Liska believes the shutdown represents a severance of ties with the group’s previous infrastructure.

He suggests that releasing decryption keys at this juncture likely incurs minimal financial loss for the group, as further revenue from remaining victims is improbable.

Reasons for Disappearance

World Leaks employs new ransomware software and operates from a different web hosting location, though the individuals involved may be the same, according to Liska.

Prolonged use of the same technical infrastructure can increase vulnerability to law enforcement scrutiny, as demonstrated by the FBI’s takedown of the Hive ransomware gang in 2023.

Alternatively, the group may have anticipated impending law enforcement action and proactively shut down to avoid capture.