245/68 Monday, July 7, 2025
The ransomware group Hunters International officially announced its shutdown on July 4, 2025, after nearly two years of cybercriminal activity. The group confirmed 55 successful attacks, with another 199 unconfirmed incidents. Known for operating under the Ransomware-as-a-Service (RaaS) model, Hunters International employed double extortion tactics-encrypting victims’ files while also stealing data to blackmail them. If the ransom was not paid, the stolen data would be leaked publicly. Many cybersecurity experts believe the group had ties to the now-defunct Hive Ransomware, which was dismantled by law enforcement in 2023.
According to cybersecurity research firm Comparitech, more than 3.25 million personal records were compromised, with the healthcare sector hit hardest-accounting for 2.9 million records leaked due to attacks on 19 hospitals and clinics. Businesses were targeted in 55 incidents, particularly manufacturing firms. Sixteen government agencies and two schools were also impacted. Some ransom demands reached as high as $10 million, including one aimed at Japan’s Hoya Corporation and a healthcare organization in Italy that refused to pay a $3 million ransom.
The group has now rebranded as World Leaks, shifting away from file encryption to focus solely on data theft and extortion. Experts at Group-IB have confirmed at least 33 attacks under the new name, with targets in both Europe and the United States, such as Freedom Healthcare in Colorado. While Hunters International offered free decryptors to victims who had not yet paid ransoms, analysts view this as a symbolic gesture, since most victims had already recovered their systems. Experts warn that this new strategy signals a troubling evolution in cybercrime-a sharper focus on pure data extortion that is becoming more targeted and aggressive.
Source https://hackread.com/hunters-international-ransomware-rebrands-world-leaks/
