The notorious ransomware group Hunters International announced the shutdown of its operation and the release of free decryptors for all victims.
The announcement was made roughly three months after threat intelligence firm Group-IB reported that the group was in the process of rebranding to World Leaks, with a focus on data extortion.
Hunters has been active since late 2023, when it emerged as a rebrand of the Hive ransomware gang. Operating as a ransomware-as-a-service (RaaS), the group hit over 300 victims, mainly in North America.
Over the course of its operation, the group targeted systems running different operating systems across multiple architectures, hitting organizations of all sizes, stealing their data for double extortion, and tailoring the ransom demands for each victim.
In April, Group-IB warned of a shift in the gang’s tactics that was observed last year, when it started directly contacting the victim’s leadership and employees for extortion, instead of listing the organization on its Tor-based leak site.
The cybersecurity firm said at the time that Hunters was moving away from file-encrypting ransomware operations to a project called World Leaks.
The gang has now removed all victim names from the leak site and posted a message announcing the shutdown of the operation.
“After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” the announcement reads.
“As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms,” it continues.
According to Comparitech head of analysis Rebecca Moody, the release of free decryption keys may have no impact, as most of the RaaS’s victims would have already restored their systems, given that Hunters has not claimed a new attack since May.
“Ultimately, Hunters International hasn’t had a fit of conscience but has seen another (potentially more lucrative) revenue stream in data theft. Having rebranded as World Leaks, it’s now extorting victims for data theft – something Hunters International was previously quite successful at,” Moody said in an emailed comment.
World Leaks emerged in January 2025 and already has 20 victims named on its Tor-based leak site, with the data allegedly stolen from 17 of them already made public. Last month, the gang added Swiss procurement service provider Chain IQ to the portal.
Unlike Hunters International, World Leaks does not use file-encrypting ransomware, but focuses on data theft, a trend that other hacking groups are likely to follow.
“I do think we’ll see a number of other gangs following suit, as hackers are becoming increasingly reliant on data theft in their attacks. Perhaps we will need to rethink our definition of ransomware in the future, but for now, attacks via the likes of World Leaks are cyberattacks not ransomware attacks,” Moody said.
According to KnowBe4 security awareness advocate Erich Kron, Hunters International’s release of free decryption keys could be the result of potential law enforcement actions, given the increased cooperation and coordination between authorities internationally in taking down ransomware groups.
The shift to data extraction and extortion “is less likely to draw the focused attention of law enforcement since they are not taking down the operations of the company or other entity,” and the impact on the victim organizations could be much lower, Kron commented.
“Many ransomware groups have toyed with data theft only, especially as organizations get better about quickly restoring from file encryption, so that part carries less weight,” Kron said.