Hunters International ransomware group shuts down - but will it regroup under a new guise?

Graham CLULEY

July 04, 2025


The notorious Hunters International ransomware-as-a-service operation has announced that it has shut down, in a message posted on its dark web leak site.

In a statement on its extortion site, the ransomware group says that it has not only "decided to close the Hunters International project" but is also offering free decryption tools to its previous victims - with no ransom payment required.

Hunters International does not give a specific reason for its closure, but says that the "significant decision" was made "after careful consideration and in light of recent developments."

What might those "recent developments" be?

Well, the group had previously announced on November 17, 2024 that it would be shutting down its operations because of increased attention from law enforcement and a slump in profits. That announcement appears, in retrospect, to have been premature, as the Hunters International group remained active.

Then, in April 2025, security researchers claimed that Hunters International was planning to shut down, and was seemingly refocusing its modus operandi from exfiltration-encryption-extortion to a pure data theft and extortion-only approach under the new name of "World Leaks."

If that's accurate then this would be just the latest evolution of the Hunters International operation, which was itself born out of the ashes of the Hive ransomware group that was infiltrated and dismantled by the FBI.

In short, although this may be the end of Hunters International - the relief may be temporary.

This week's announcement on the Hunters International leak site coincides with the removal of its list of past victims, which have included Indian engineering giant Tata Technologies and the London branch of Chinese state-owned bank ICBC.

The Hunters International ransomware-as-a-service group has claimed responsibility for multiple attacks around the world, earning millions of dollars' worth of cryptocurrency for cybercriminals. The one notable country which appears to have escaped the group's unwanted attention is Russia.

Regular readers will not be surprised to hear that a ransomware group has gone out of its way not to target organisations based in Russia - a decision born out of a desire for the country's law enforcement agencies to turn a blind eye to its activities.

While the shutdown of Hunters International may seem like a victory for cybersecurity, the potential for re-emergence remains significant.

Organisations must continue to prioritise their cybersecurity to safeguard against cybercriminals, and maintain vigilance.

Author


Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
