HQ/EMEAFind out how we can help your business
The Hunters International Ransomware-as-a-Service (RaaS) will start to seize its operations to start to rebrand. The RaaS operators claim that it will focus solely on data theft and extortion attacks.
According to reports, the cybercrime gang continued to operate despite announcing its closure in November last year. Researchers suspect the group will have to stop operating due to diminishing revenue and rising government attention and disruption.
Since then, the organisation has started a new extortion-only operation called “World Leaks” on the first day of 2025.
Experts explain that ransomware is no longer profitable or threatening. In addition, cybercriminals partnering with the organisation would be given a reportedly self-developed exfiltration tool designed to automate data exfiltration in a victim’s network.
Therefore, unlike Hunters International, which combines encryption and extortion, the rebranded World Leaks will be solely dedicated to extortion and employ custom-built exfiltration technology.
Additionally, the new program appears to be an improved version of the Storage Software exfiltration tool, which its ransomware affiliates also utilise.
Hunters International was also classified as the rebrand of the now-defunct Hive ransomware.
Hunters International initially appeared in late 2023 and, due to overlapping source code, was identified as a potential rebranding of Hive.
Its ransomware targets various platforms, like Windows and Linux. Since its inception, this ransomware gang has claimed at least 280 attacks on companies worldwide, making it one of the most active ransomware operations.
Furthermore, it has claimed several notable victims, including the North American vehicle dealership AutoCanada, the United States Marshals Service, the Japanese optical firm Hoya, and the United States Navy contractor Austal USA.
This group also breached the Fred Hutch Cancer Center in December last year and threatened the company to release the stolen information of nearly 800,000 cancer patients if they were not paid.
As of now, its operators have targeted businesses of various sizes. Depending on the size of the hacked firm, different researchers have witnessed ransom demands that reach millions.
