The Hunters Worldwide Ransomware-as-a-Service (RaaS) operation introduced right this moment that it has formally closed down its operations and can supply free decryptors to assist victims recuperate their information with out paying a ransom.
“After cautious consideration and in gentle of current developments, we’ve determined to shut the Hunters Worldwide venture. This resolution was not made calmly, and we acknowledge the influence it has on the organizations we’ve interacted with, the cybercrime gang says in a press release printed on its darkish net leak earlier right this moment.
“As a gesture of goodwill and to help these affected by our earlier actions, we’re providing free decryption software program to all firms which were impacted by our ransomware. Our aim is to make sure that you could recuperate your encrypted information with out the burden of paying ransoms.”
The risk actors additionally eliminated all entries from the extortion portal and added that firms whose programs had been encrypted in Hunters Worldwide ransomware assaults can request decryption instruments and restoration steering on the gang’s official web site.
Whereas the ransomware group would not clarify what “current developments” it refers to, right this moment’s announcement follows a November 17 assertion saying that Hunters Worldwide will quickly shut down due to elevated legislation enforcement scrutiny and declining profitability.
Risk intelligence agency Group-IB additionally revealed in April that Hunters Worldwide was rebranding with plans to give attention to information theft and extortion-only assaults, and had launched a brand new extortion-only operation generally known as “World Leaks.”
”In contrast to Hunters Worldwide, which mixed encryption with extortion, World Leaks operates as an extortion-only group utilizing a custom-built exfiltration instrument,” Group-IB mentioned on the time, including that the brand new instrument seems to be an upgraded model of the Storage Software program exfiltration instrument utilized by Hunters Worldwide’s ransomware associates.
Hunters Worldwide emerged in late 2023 and was flagged by safety researchers and ransomware consultants as a potential rebrand of Hive attributable to code similarities. The ransomware group’s malware targets a variety of platforms, together with Home windows, Linux, FreeBSD, SunOS, and ESXi (VMware servers), and it additionally comes with assist for x64, x86, and ARM architectures.
Over the past two years, Hunters Worldwide has focused firms of all sizes, with ransom calls for starting from lots of of 1000’s to hundreds of thousands of {dollars}, relying on the dimensions of the breached group.
The ransomware gang has claimed accountability for nearly 300 assaults worldwide, making it some of the energetic ransomware operations lately.
Notable victims claimed by Hunters Worldwide embody the U.S. Marshals Service, Japanese optics big Hoya, Tata Applied sciences, North American car dealership AutoCanada, U.S. Navy contractor Austal USA, and Integris Well being, Oklahoma’s largest not-for-profit healthcare community.
In December 2024, Hunters Worldwide additionally hacked the Fred Hutch Most cancers Heart, threatening to leak the stolen information of over 800,000 most cancers sufferers in the event that they weren’t paid.
Whereas cloud assaults could also be rising extra refined, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key methods utilized by cloud-fluent risk actors.
