Or listen on: Apple Podcasts | Youtube
Transcript
One of the more active ransomware groups of the past year, Hunters International, has officially announced that they’re shutting down operations. According to a statement spotted by researchers, the group says they’ve published free decryption keys to help victims recover their data—no ransom required.
Hunters International is believed to have spun off from the Hive ransomware gang, which was dismantled by the FBI in early 2023. Since then, Hunters had carried out a number of attacks using the same tactics—encrypt data, exfiltrate files, and demand payment.
According to the Threat intelligence firm Group-IB, back in January 2025, the group quietly rebranded as World Leaks, shifting from ransomware to a pure data extortion model. Instead of encrypting data, they simply stole it and threatened to publish it unless paid. That pivot likely came as pressure from law enforcement mounted and ransomware-as-a-service (RaaS) models became harder to sustain.
Security researchers say the shutdown might be genuine—or it could just be the latest name change in a long game of cyber whack-a-mole. These groups frequently resurface under new branding to throw off detection and re-engage with victims using fresh infrastructure.
So what does this mean for businesses?
Even if Hunters International is gone for now, the tactics, tools, and affiliates behind them are likely still active under different names. Organizations should remain on alert—especially as we see a rise in data-only extortion attacks where encryption is skipped entirely.
Thanks for listening—this podcast was produced by a human and narrated by me, an AI. If you found it helpful, follow us and share it with someone keeping an eye on cybersecurity news. More at coffeehouse.studio
