A new ransomware-as-a-service group, known as Hunters International, has emerged, and it appears to be a rebranding of the Hive ransomware operation. This suspicion is based on a thorough analysis of their code, which reveals significant similarities between the two groups.
Security researchers examining a sample of Hunters International’s malware found striking resemblances to the code used in Hive ransomware attacks. Specifically, a malware analyst named rivitna concluded that Hunters International malware was essentially a version of Hive ransomware.
Furthermore, there was evidence of “maintained Hive ransomware strings” in the Hunters International code, reinforcing the connection. Hunters International, however, claims that they purchased the source code from Hive developers and disputes the allegations.
Hunters International’s main focus appears to be data theft as leverage for extorting ransom payments from victims, rather than encryption itself. Their data leak site showcases messages emphasizing their intent to target and extort victims.
It remains uncertain how this new group’s activities will unfold, although their intentions are already clear. The Hive ransomware operation, on the other hand, came to a halt after an international law enforcement operation led to the seizure of its Tor payment and data leak sites.
The FBI, which had infiltrated the gang’s infrastructure and monitored it for six months, managed to disrupt the ransomware operation. According to the FBI, the gang had breached over 1,300 companies and received around $100 million in ransom payments. As a result, the FBI was able to provide decryption keys to over 1,300 Hive ransomware victims.
To avoid falling victim to ransomware attacks like those associated with Hive and now potentially Hunters International, individuals and organizations should take proactive measures. Regularly updating and patching software helps close the vulnerabilities that ransomware operators often exploit for initial access. Using strong, unique passwords and enforcing multi-factor authentication further raises the bar for attackers.
Regular data backups should be maintained, with an offline backup strategy to safeguard against data loss. Security awareness training for employees is crucial, as many ransomware attacks start with phishing emails. Additionally, organizations should invest in robust cybersecurity solutions to detect and respond to threats promptly.