The notorious ransomware group Hunters International has announced its shutdown, but cybersecurity experts confirm this is not the end of its operations. Instead, the group is rebranding and shifting its focus, now operating under the name World Leaks with a new emphasis on data theft and extortion rather than traditional ransomware attacks.
Who Are Hunters International?
Hunters International emerged in late 2023, quickly establishing itself as a major force in the cybercrime landscape. The group is widely believed to be a successor or offshoot of the infamous Hive ransomware operation, which was dismantled by global law enforcement in early 2023. Technical analysis has shown that Hunters International’s malware shares significant code overlap—up to 60%—with the Hive ransomware, although the group claims to be independent, having acquired Hive’s source code and infrastructure.
Operating under a Ransomware-as-a-Service (RaaS) model, Hunters International recruited affiliates to conduct attacks in exchange for a share of the profits. The group became notorious for its double extortion tactics, encrypting victim data and threatening to publish stolen information if ransoms were not paid. Its opportunistic targeting spanned a wide range of industries—including healthcare, manufacturing, finance, logistics, education, and food—and affected organizations in at least 30 countries, with the United States, United Kingdom, Germany, Japan, and Brazil among the most impacted.
The healthcare sector was particularly hard hit: of the 3.25 million personal records compromised in confirmed attacks, 2.9 million came from hospitals and clinics. The group also targeted manufacturers, government entities, schools, and other businesses, demonstrating little discrimination in its victim selection.
Shutdown and Rebranding
On July 4, 2025, Hunters International publicly declared it was shutting down and offered free decryption tools to all previous victims, stating this was a gesture of goodwill. However, industry observers quickly noted that the group had already begun operating under the new name World Leaks. This move is consistent with a common pattern among ransomware groups: when law enforcement pressure mounts or profitability wanes, they often rebrand and shift tactics rather than truly disband.
Still, World Leaks marks a strategic pivot for the group. Rather than encrypting data, the new operation focuses exclusively on data theft and extortion—threatening to leak stolen information unless a ransom is paid. This model reduces operational risk and reflects a broader trend in the cybercriminal ecosystem, as extortion-only attacks become more prevalent.
Impact and Legacy
During its roughly two-year run, Hunters International claimed responsibility for at least 55 confirmed ransomware attacks, with an additional 199 unconfirmed claims. The group’s ransom demands were substantial, with known cases including a $10 million demand to Japan’s Hoya Corporation and a $3 million demand to Italy’s Azienda USL di Modena. The group’s aggressive targeting of critical sectors and global reach made it a significant threat to organizations worldwide.
