Hunters International announced a new victim recently, the US-based Exela Technologies. The company is a high-value player in the BPA (Business Process Automation) field with global customers, including Fortune 500 companies.
What is clear is that the negotiations between the hackers and the victim haven’t concluded yet. That’s because Hunters International hasn’t published any of the supposedly stolen data so far.
Exela Technologies hasn’t commented on the event, but that’s typical in the case of ransomware attacks. Victims, especially high-profile ones, prefer not to shed too much light on the attack, as they fear that this may expose them as vulnerable to other gangs.
While Hunters International is a major factor in the ransomware sphere, the gang isn’t as feared as other ransomware groups. The primary reason for that is the organization’s low level of activity.
Since its first public appearance in October of 2023, Hunters International has claimed up to 40 victims, which is quite low compared to other groups. Organizations like LockBit can meet that number in a month.
However, this view is deceptive because Hunters International prioritizes high-value targets. This explains the low number of targets and shows that the ransomware gang is very competent and resourceful.
The shortest answer would be not much. The gang made its presence known in October of last year, but some circumstantial evidence points to signs of activity prior to that date. That may just be when the hackers decided to make themselves visible.
Hunters International is very resourceful and tactical and prefers to stalk and analyze its targets thoroughly before hitting them. This level of premeditation allows them to maximize their profits, as they always go for high-revenue corporations.
The hackers also appear to be very aggressive during negotiations and rarely allow for compromises. However, as cybersecurity experts have shown, paying the ransom doesn’t guarantee anything.
Hunters International relies on the double-extortion method, so they encrypt the victim’s system and steal confidential data. If the negotiations are successful, they will provide the decryption key, allowing the victim to regain control over its files and operations.
But that’s the only guarantee the victim will get. While the hackers also promise to delete the stolen data, that’s almost never the case. Instead, they either sell it on the black market or keep it for later operations.
This is the reason why most professionals advise against paying the ransom or even negotiating with the hackers. The silent treatment appears to be the best option, even if that results in some reputational damage from the data leaking online.
After all, there is no guarantee that the leak won’t happen even after paying the ransom.
1 Comment
Anonymous
April 5, 2024 12:32 am
Ransomware: Hunters International appears to be recycling data stolen by Hive
The group (which appeared in autumn 2023) was already suspected of having strong links with Hive, which was hit by a major police operation the previous January. Recently, Hunters International took up 3 claims already made by Hive.