The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks.
As threat intelligence firm Group-IB revealed this week, the cybercrime group remained active despite announcing on November 17, 2024, that it was shutting down due to declining profitability and increased government scrutiny.
Since then, Hunters International has launched a new extortion-only operation known as “World Leaks” on January 1, 2025.
“From the administrator’s perspective, ransomware is not worthwhile and dangerous. The criminals collaborating with the group can be supplied with a purportedly self-developed exfiltration tool designed to automate the process of data exfiltration within the victims’ networks,” Group-IB said on Wednesday.
“Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool.”
The new tool appears to be an upgraded variant of the Storage Software exfiltration tool that Hunters International’s ransomware affiliates also use.
Login page for World Leaks affiliates panel (Group-IB)
Hunters International surfaced in late 2023 and was flagged as a possible rebrand of Hive due to code similarities. Its ransomware targets a wide range of platforms, including Windows, Linux, FreeBSD, SunOS, and ESXi (VMware servers), and it also supports x64, x86, and ARM architectures.
Since its emergence, this ransomware gang has claimed over 280 attacks against organizations worldwide, making it one of the most active ransomware operations.
Notable victims claimed by Hunters International include Tata Technologies, North American car dealership AutoCanada, the U.S. Marshals Service, Japanese optics giant Hoya, U.S. Navy contractor Austal USA, and Oklahoma’s largest not-for-profit health network, Integris Health.
Hunters International also breached the Fred Hutch Cancer Center in December, threatening to leak the stolen data of over 800,000 cancer patients if they weren’t paid.
So far, Hunters International operators have targeted companies of all sizes. BleepingComputer has seen ransom demands ranging from hundreds of thousands to millions of dollars, depending on the breached organization’s size.