Friday, July 4, 2025

Hunters International ransomware shuts down, releases free decryptors


The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially shut down its operations and is offering free decryptors to help victims recover their data without paying a ransom.

“After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we acknowledge the impact it has on the organizations we have interacted with,” the cybercrime gang says in a statement published on its dark web leak site earlier today.

“As a gesture of goodwill and to help those affected by our earlier actions, we’re offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure you can recover your encrypted data without the burden of paying ransoms.”

The threat actors also removed all entries from the extortion portal and added that companies whose systems were encrypted in Hunters International ransomware attacks can request decryption tools and recovery guidance on the gang’s official website.

While the ransomware group doesn’t explain what “recent developments” it refers to, today’s announcement follows a November 17 statement saying that Hunters International will soon shut down because of increased law enforcement scrutiny and declining profitability.

Threat intelligence firm Group-IB also revealed in April that Hunters International was rebranding with plans to focus on data theft and extortion-only attacks, and had launched a new extortion-only operation known as “World Leaks.”

Hunters International shutdown announcement (BleepingComputer)

“Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool,” Group-IB said at the time, adding that the new tool appears to be an upgraded version of the Storage Software exfiltration tool used by Hunters International’s ransomware affiliates.

Hunters International emerged in late 2023 and was flagged by security researchers and ransomware experts as a possible rebrand of Hive due to code similarities. The ransomware group’s malware targets a wide range of platforms, including Windows, Linux, FreeBSD, SunOS, and ESXi (VMware servers), and it also comes with support for x64, x86, and ARM architectures.

Over the past two years, Hunters International has targeted companies of all sizes, with ransom demands ranging from hundreds of thousands to millions of dollars, depending on the size of the breached organization.

The ransomware gang has claimed responsibility for almost 300 attacks worldwide, making it one of the most active ransomware operations in recent years.

Notable victims claimed by Hunters International include the U.S. Marshals Service, Japanese optics giant Hoya, Tata Technologies, North American automobile dealership AutoCanada, U.S. Navy contractor Austal USA, and Integris Health, Oklahoma’s largest not-for-profit healthcare network.

In December 2024, Hunters International also hacked the Fred Hutch Cancer Center, threatening to leak the stolen data of over 800,000 cancer patients if they weren’t paid.
