Hunters International Shuts Down, Rebrands as World Leaks and Shifts Focus to Data Extortion

• The Hunters International ransomware gang announced the shutdown of its operations.
• Free decryption keys are now available for the victims of the threat actor to use.
• Rumours suggest that the cybercriminals did not retire, but instead rebranded as an extortion-only service, World Leak.

Hunters International, a notorious ransomware-as-a-service (RaaS) operation, has announced the cessation of its operations. The group stated its decision on its dark web page, citing "recent developments" without further elaboration. 

Alongside the announcement, the gang offered free decryption tools to assist victims in restoring their encrypted data without ransom payments. This marks a significant shift in their activity, signaling a deliberate change in strategy.  

The shutdown does not signify an end to the group's operations entirely. Reports from Group-IB Future suggest that Hunters International has rebranded as an extortion-only service called World Leak, transitioning to a model focused solely on data theft and extortion without using traditional ransomware encryption. 

Experts attribute the disbanding of Hunters International to mounting law enforcement pressure and diminishing profitability, common factors driving other ransomware groups to cease operations in the past. 

Hunters International first surfaced in late 2023 as a possible rebrand of the Hive ransomware group. Increased scrutiny and infrastructure targeting by authorities, such as the FBI's takedown of the Hive Ransomware network in 2023, likely influenced this decision. 

The rebranding represents an effort to minimize exposure while continuing illicit activities under a new framework.  

Hunters International was responsible for nearly 300 attacks worldwide during its two-year existence, targeting a diverse range of entities, including the Fred Hutch Cancer Center, Tata Technologies, and ICBC Bank. 

In June, an anonymous whistleblower operating under the moniker GangExposed publicly identified key leaders behind the Conti and Trickbot ransomware groups. 

Currently, Qilin is the leading ransomware group according to a June report.