Hunters International Ransomware Shuts Down, Releases Free Decryptors
Summary:
Hunters International, a well-known Ransomware-as-a-Service operation, announced its official shutdown and stated that it will provide free decryption tools to assist victims in recovering their encrypted data without having to pay ransoms. Hunters International, active since late 2023, was responsible for nearly 300 global ransomware attacks affecting various organizations, including government entities, healthcare networks, and major corporations.
In a statement posted on its dark web leak site, the group said the decision to end operations was not made lightly and acknowledged the impact it had on affected organizations.
"After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with," the cybercrime gang stated in a message posted to its dark web leak site.
Although the group did not detail the "recent developments" prompting the closure, it follows earlier indications from November 2024 citing increased law enforcement scrutiny and diminishing profitability as reasons for winding down. As part of their exit, Hunters International removed all entries from its extortion portal and offered guidance to victims on how to request decryption support.
Security Officer Comments:
While the gesture of releasing free decryptors by a ransomware gang may appear altruistic, it's more likely a strategic retreat in response to mounting legal and operational risks. Offering decryptors could be an attempt to reduce legal exposure or soften future prosecution. However, it also undermines the criminal model of ransomware by enabling victims to recover data without payment, which could set a precedent and embolden more resistance against ransomware demands. Furthermore, it may indicate a shift in cybercriminal tactics, towards extortion-only models like "World Leaks," where data theft without encryption is harder to trace and prosecute but equally damaging.
Link(s):
https://www.bleepingcomputer.com/ne...somware-shuts-down-after-world-leaks-rebrand/
Hunters International, a well-known Ransomware-as-a-Service operation, announced its official shutdown and stated that it will provide free decryption tools to assist victims in recovering their encrypted data without having to pay ransoms. Hunters International, active since late 2023, was responsible for nearly 300 global ransomware attacks affecting various organizations, including government entities, healthcare networks, and major corporations.
In a statement posted on its dark web leak site, the group said the decision to end operations was not made lightly and acknowledged the impact it had on affected organizations.
"After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with," the cybercrime gang stated in a message posted to its dark web leak site.
Although the group did not detail the "recent developments" prompting the closure, it follows earlier indications from November 2024 citing increased law enforcement scrutiny and diminishing profitability as reasons for winding down. As part of their exit, Hunters International removed all entries from its extortion portal and offered guidance to victims on how to request decryption support.
Security Officer Comments:
While the gesture of releasing free decryptors by a ransomware gang may appear altruistic, it's more likely a strategic retreat in response to mounting legal and operational risks. Offering decryptors could be an attempt to reduce legal exposure or soften future prosecution. However, it also undermines the criminal model of ransomware by enabling victims to recover data without payment, which could set a precedent and embolden more resistance against ransomware demands. Furthermore, it may indicate a shift in cybercriminal tactics, towards extortion-only models like "World Leaks," where data theft without encryption is harder to trace and prosecute but equally damaging.
Link(s):
https://www.bleepingcomputer.com/ne...somware-shuts-down-after-world-leaks-rebrand/