The ransomware gang often known as Hunters Worldwide introduced on its darkish net web page Thursday that it’s shutting down.
“After cautious consideration and in mild of latest developments, we now have determined to shut the Hunters Worldwide venture,” the hackers wrote in a put up, with out clarifying what particular developments it was referring to. “This determination was not made calmly, and we acknowledge the influence it has on the organizations we now have interacted with.”
The hackers additionally mentioned they’re providing free decryption keys “to all firms which have been impacted by our ransomware.”
“Our purpose is to make sure that you could get well your encrypted knowledge with out the burden of paying ransoms,” wrote the gang, which requested victims to go to its official website to acquire the decryption keys and to get well the encrypted information.
On the time of writing, there isn’t a such data on the web site.
Hunters Worldwide has claimed a number of victims in its two years of existence, together with a U.S. cancer center, and the U.S. Marshals Service; though, the legislation enforcement company denied having been hacked by the cybercrime gang.
A number of ransomware gangs previously have launched their victims’ decryption keys then shut down, every of them for various causes. Some shut down solely to return beneath a brand new title, maybe in an try and confuse researchers and legislation enforcement businesses, and generally to flee sanctions. Others determined to name it quits after acquiring sufficient funds to retire.
Within the case of Hunters Worldwide, it’s nonetheless too early to inform what the gang’s motivations are for shutting down, however there have been indicators way back to April that time to a rebrand and transition to a gaggle referred to as World Leaks, based on Allan Liska, a risk intelligence analyst at cybersecurity agency Recorded Future.
“I believe that is extra of a ‘slicing of ties’ with the outdated infrastructure,” mentioned Liska, who has been monitoring ransomware for years. “So far as releasing decryption keys, at this level they aren’t prone to make any cash from any Hunters’ victims who’re nonetheless on the market, so that they most likely see it as a gesture that doesn’t actually value them something.”
World Leaks group makes use of a brand new ransomware software program and has a brand new website hosted elsewhere, however the individuals behind it could be the identical, mentioned Liska.
Liska mentioned the rationale for the gang going darkish could also be that “utilizing the identical technical infrastructure too lengthy makes you extra susceptible to legislation enforcement,” referring to Hive, a ransomware gang that was seized and shut down by the FBI in 2023.
“Or, they acquired wind that legislation enforcement was closing in and determined to get forward of them,” he mentioned.