October 29, 2023 at 08:00PM
Hunters International, a new ransomware-as-a-service brand, appears to be linked to the Hive ransomware operation. Analysis of the Hunters International malware reveals significant code similarities with the Hive ransomware. Hunters International disputes the link, stating that it purchased the encryptor source code from the Hive developers. The group emphasizes that its primary goal is data theft for extortion rather than encryption. It has targeted at least one known victim, a school in the UK, stealing nearly 50,000 files. Hive ransomware was disrupted in January 2023 after the FBI seized its infrastructure, an operation that resulted in more than 1,300 decryption keys being provided to victims.
Meeting Takeaways:
– A new ransomware-as-a-service brand called Hunters International has emerged, using code from the Hive ransomware operation.
– Security researchers have discovered code overlaps and similarities between Hunters International and Hive ransomware, suggesting a connection between the two groups.
– Hunters International denies these allegations and claims to have purchased the encryptor source code from the Hive developers.
– The malware used by Hunters International appends the “.LOCKED” extension to encrypted files and drops a plaintext note with contact instructions for victims.
– Hunters International has leaked data from one victim, a school in the UK, and claims to focus on stealing data rather than encryption.
– The fate of Hunters International is uncertain, as they have not been very active so far.
– The Hive ransomware operation was disrupted earlier this year, with their Tor payment and data leak site seized in an international operation.
– The FBI infiltrated the Hive gang’s infrastructure and monitored their activity for six months, providing more than 1,300 decryption keys to victims.
– The Hive gang breached more than 1,300 companies and received approximately $100 million in ransom payments.
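The only host-level indicators the report gives are the “.LOCKED” extension on encrypted files and a plaintext contact note left beside them. The following is an added triage example (not code from the report or from any researcher it cites) that walks a directory tree, counts files carrying the extension per directory, and flags small plaintext files sitting next to them as candidate ransom notes. The note filename, note text and sample tree are constructed here for the demo; the page gives no note filename, so the “small, decodes as UTF-8, no NUL bytes” note heuristic is an assumption of this example, not a documented characteristic of the malware.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

ENCRYPTED_EXT = ".LOCKED"  # extension named in the report
NOTE_MAX_BYTES = 8192      # assumption: a ransom note is a small text file


def find_encrypted_files(root, ext=ENCRYPTED_EXT):
    """Return all file paths under root whose name ends with ext (case-sensitive)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(ext):
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def is_plaintext_note(path, max_bytes=NOTE_MAX_BYTES):
    """Heuristic (assumption, not from the report): a candidate note is small,
    contains no NUL bytes, and decodes as UTF-8."""
    try:
        if path.stat().st_size > max_bytes:
            return False
        data = path.read_bytes()
    except OSError:
        return False
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def triage(root, ext=ENCRYPTED_EXT):
    """Per-directory summary: how many encrypted files were found, and which
    non-encrypted plaintext files sit beside them (candidate ransom notes)."""
    by_dir = defaultdict(lambda: {"encrypted": 0, "notes": []})
    for p in find_encrypted_files(root, ext):
        by_dir[str(p.parent)]["encrypted"] += 1
    for d in list(by_dir):
        for entry in Path(d).iterdir():
            if entry.is_file() and not entry.name.endswith(ext) and is_plaintext_note(entry):
                by_dir[d]["notes"].append(entry.name)
        by_dir[d]["notes"].sort()
    return dict(by_dir)


def build_sample_tree():
    """Constructed sample data for the demo; not a real infection and not a
    real note. Returns the temporary root directory."""
    root = Path(tempfile.mkdtemp(prefix="locked_demo_"))
    docs = root / "docs"
    docs.mkdir()
    (docs / "report.docx.LOCKED").write_bytes(os.urandom(64))   # fake ciphertext
    (docs / "budget.xlsx.LOCKED").write_bytes(os.urandom(64))   # fake ciphertext
    (docs / "Contact Us.txt").write_text("Constructed sample note: contact <redacted>\n")
    clean = root / "clean"
    clean.mkdir()
    (clean / "notes.txt").write_text("ordinary text file, no encrypted neighbours\n")
    (clean / "photo.jpg").write_bytes(b"\xff\xd8\xff" + os.urandom(32))  # binary, not a note
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for directory, info in triage(demo_root).items():
        print(f"{directory}: {info['encrypted']} encrypted, notes={info['notes']}")
```

Run it against a mounted image or a suspect share by calling `triage("/path/to/root")` instead of the constructed tree; directories with a high encrypted-file count and a lone plaintext file are the ones to pull first.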