Hunters International Adds 2 New Victims to its Name

By Miklos Zoltan . 28 April 2024

Founder - Privacy Affairs

Fact-Checked this

Hunters International announced 2 new victims on their leak website. These are the US-based Rocky Mountain Sales and the Australian SSS Australia. There’s no public statement from the victims yet.

Hunters International is one of the most modern and competent ransomware gangs today
The organization first came public in late October 2023, which makes it a new entry in the ransomware sphere
Hunters International is known to rely on the double-extortion practice to coerce the victim into negotiating and, ultimately, pay the ransom
Based on the gang’s attack history, Hunters International prefers to target high-value targets with meaty revenues

2023 has been a fruitful year for the ransomware business bubble as a whole. The number of attacks has increased dramatically compared to 2022, as has that of the paid ransoms. There are several potential explanations for this.

One of them links to the increase in the number of newcomers in the ransomware sphere. Hunters International is one of them. But that’s not the whole story.

X showing the HUNTERS INTERNATIONAL attack on the 2 victims — https://twitter.com/FalconFeedsio/status/1784568246685052981

The real story is that, despite it being new in the industry, Hunters International is already making waves. They’re hunting high-value targets primarily and showcase impressive success in terms of actually breaching their victims.

This paints the organization as highly competent, using modern tools and tactics, which is a bit atypical for any new player in the business. Fortunately, there’s a theory that could explain this anomaly and that’s the link between Hunters International and Hive.

Hive was one of the most competent, dangerous, and intimidating ransomware gangs in the world, pre-January, 2023, when the FBI cracked down on it. The organization was dissolved and its assets redistributed.

Hunters International self-admittedly bought some of them. According to the hackers themselves, Hunters International managed to acquire around 60% of Hive’s code.

Is Hunters International the New Hive?

Yes and no. While Hunters International does appear to have purchased some of Hive’s code, they don’t operate within the same bounds. Hunters International is a new, standalone group with its unique identity and protocol.

From a practical perspective, Hunters International is simply a scavenger, using the resources of a defunct organization like Hive to boost its own internal structure. This is typically what happens in the ransomware sphere whenever a group is dismantled.

So, how does the new ransomware actor operate? Hunters International relies on the double extortion practice to force the victims into paying. The hackers deploy the encryption tool, locking the victim’s files and downloading all the data they can get.

The victim then needs to bargain with them for the decryption tool, as well as the deletion of the stolen information. If no compromise is reached during negotiations, the hackers will expose the data publicly.

This can result in both reputational and financial losses for the victim.

However, as cybersecurity analysts point out, that usually happens even if the victim does pay the ransom. That’s because there’s no way for the victim to verify that the hackers have kept their word.

The conclusion is simple: don’t negotiate and don’t pay anything.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Hunters International Adds 2 New Victims to its Name

Is Hunters International the New Hive?

Our Mission

Miklos Zoltan

Leave a Comment Cancel