Hunters International ransomware gang shuts down and offers free decryption keys to all victims

Hunters International ransomware gang announced its shutdown, citing unspecified “recent developments” and acknowledging its impact.

The ransomware group Hunters International announced on its dark web site that it is shutting down, citing “recent developments” without specifying details. The group stated the decision was made after careful consideration and acknowledged the impact on affected organizations.

“We, at Hunters International, wish to inform you of a significant decision regarding our operations. After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with.” reads the group’s announcement published on the Tor leak site.

“As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms.

We understand the challenges that ransomware attacks pose, and we hope that this initiative will help you regain access to your critical information swiftly and efficiently. To access the decryption tools and receive guidance on the recovery process, please visit our official website.”

Hunters International ransomware

The ransomware gang announced it is offering free decryption keys to all victims to recover data without paying. They urged victims to visit their site for keys, though no such info is currently available. Over two years, the gang claimed almost 300 victims, including Tata Technologies and the Fred Hutchinson Cancer Center.

The ransomware group emerged in the threat landscape after international authorities seized the Hive gang’s infrastructure. Hunters International is suspected to be a sort of rebrand of the Hive ransomware gang. Experts noticed that the Hunters International group was using a code that is very similar to the one used by the Hive gang.

Experts suspect Hunters International’s shutdown may be a strategic rebrand into a new group called World Leaks. The move likely aims to cut ties with old infrastructure, which poses risks of law enforcement tracking. World Leaks uses new ransomware and infrastructure but may involve the same threat actors.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter