The infamous ransomware syndicate Hunters International has announced its closure, claiming to offer free decryption keys to past victims as a final move. The group, active for over two years and responsible for attacks on entities including a U.S. cancer center and Tata Technologies, posted its farewell on the dark web.
“After careful consideration, we’ve decided to shut down the Hunters International project,” the group stated, acknowledging the harm inflicted through its attacks. As a supposed reconciliation effort, they pledged to distribute decryption tools to impacted organizations free of charge.
However, cybersecurity experts warn this isn’t an act of goodwill but a strategic shift. Dray Agha of Huntress points out that Hunters is merely rebranding as World Leaks, a group focused solely on extortion without encrypting files. “This move is less about remorse and more about reducing risk amid growing law enforcement pressure,” Agha explained.
World Leaks runs four platforms, including a data leak site, ransom negotiation portal, media access channel, and affiliate dashboard for criminal collaborators. It emerged earlier as a side operation and is now set to become the primary identity of the group.
According to Daniel dos Santos of Forescout, such rebranding is common among cybercriminal groups seeking to stay ahead of law enforcement. The shift from encryption-based ransomware to data exfiltration reflects their strategy to avoid intensified crackdowns.
While the group claims to be helping victims recover data, Santos urges caution. “Even paid decryption keys often fail. Free ones are unlikely to be reliable,” he warned.
The closure of Hunters International may signal a tactical evolution in cybercrime rather than a resolution—and organizations must stay vigilant.
Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.
News Source: ITPro.com
