TechRadar
Sead Fadilpašić

One of the biggest ransomware gangs around is shutting down - but is it for good?

  • Hunters International struck many private and public entities, including Tata and Telecom Namibia
  • The group says it is disbanding "in light of recent events"
  • It even released decryption keys for its victims

A major ransomware operation has announced a complete shutdown and the public release of decryption keys - however, some are skeptical that this is the last we’ve seen of this particular group.

The operators, known as Hunters International, published a short announcement on their dark web site, notifying their followers, affiliates, and the wider cybercriminal community that they will no longer operate.

“After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” the announcement reads. “This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with.”

Callback phishing

While the group mentions “recent developments”, it doesn’t elaborate, so we don’t know if this means they were seized by law enforcement, or they simply extorted enough money to call it quits.

TechCrunch, on the other hand, believes there could be a third option - a smoke-and-mirrors effort to throw the police off. Discussing the matter with Allan Liska, a threat intelligence analyst at Recorded Future, TechCrunch learned the group might be rebranding to World Leaks.

“I think this is more of a ‘cutting of ties’ with the old infrastructure,” Liska told the publication. This wouldn’t be the first group that rebranded to try and hide their tracks.

After the Colonial Pipeline attack, DarkSide rebranded into BlackMatter, and later Alphv/BlackCat, while REvil (Sodinokibi) was preceded by GandCrab.

As for releasing decryption keys, while commendable, it doesn’t mean much for the attackers, Liska argues. These are mostly older victims who had no intention of paying anyway, so for the group, nothing was lost.

“As far as releasing decryption keys, at this point they aren’t likely to make any money from any Hunters’ victims who are still out there, so they probably see it as a gesture that doesn’t really cost them anything,” Liska concluded.
