Hunters International Shuts Down and Offers Free Decryptors

The Hunters International ransomware-as-a-service (RaaS) operation has officially shut down, the group announced via its dark web leak site. In a surprising move, the threat actors are now offering free decryptors to help past victims recover their data without paying a ransom.

“After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with,” the cybercrime gang says in a statement published on its dark web site.

“As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms.”

The group did not elaborate on the “recent developments” that triggered the shutdown, though it followed a November 2024 warning that increased law enforcement scrutiny and declining profits were threatening its future. Although profits were declining, just last year Hunters International was listed as one of the top five malicious ransomware groups last in our annual report. In April, it was also revealed that the group had rebranded and launched a new extortion-only operation under the name World Leaks, dropping encryption tactics in favor of data theft.

Originally surfacing in late 2023, Hunters International was suspected of being a rebrand of the dismantled Hive ransomware group, due to code similarities. It built a reputation for attacking a broad range of platforms – including Windows, Linux, FreeBSD, SunOS, and VMware ESXi, with ransomware supporting x64, x86, and ARM systems. 

Over its two year lifespan, the group claimed nearly 300 attacks globally, with ransom demands reaching millions. High-profile victims included the US Marshals Service, Tata Technologies, Hoya, Austal USA, AutoCanada, and the Fred Hutch Cancer Center.