Hunters International Ransomware Infiltrates US and Canada-Based Companies

By Miklos Zoltan . 26 January 2024

Founder - Privacy Affairs

Fact-Checked this

Hunters International attacks 4 American and Canadian, each with hundreds of employees and considerable revenue. The victims didn’t discuss the attacks publicly.

Hunters International isn’t as active as other ransomware actors, but they pose a serious threat nonetheless
Thorite Group and Tamdown from the UK have 300 and 600 employees respectively, making them noteworthy targets for the cybercriminal organization
The other 2, Charles Tent from UK and Innovative Automation from Canada, only have 81 and 102 employees respectively
Hunters International posted evidence of the attack on their TOR website and gave the victims a deadline for negotiations

The ransomware organization hits pretty much indiscriminately, targeting small, medium, and large corporations equally. The group is financially motivated, so they will always go where the money is.

While Hunters International is pretty much unknown in the cybercriminal world, their profile and roots speak for themselves. It is believed that Hunters International is the successor of Hive, one of the most dangerous ransomware actors in the world.

X showing the Hunters International attack on the 4 victims — https://twitter.com/FalconFeedsio/status/1750435841150001349

The problem is that the FBI, along with its German counterparts and other organizations, managed to crack down on Hive at the end of 2023. They managed to both destroy Hive’s public presence and eliminate its structure as a whole.

As a result of the operation, the FBI supposedly secured 300 decryption keys, which were active for victims under attack at that point. A total of 1,000 more decryption keys were recovered afterwards and made public to prevent future attacks.

Who Is Hunters International Really?

The operation that terminated Hive revealed that Hunters International shares approximately 60% of the ransomware code with the now defunct Hive. This is too large of a percentage to be mere coincidence.

So, the current theory is that Hunters International is Hive in disguise, formed out of the remains of the latter. This means that this novel organization is actually extremely potent and dangerous, although it may not seem at this point.

Hunters International hasn’t been particularly active since its inception, which could only be due to the group trying to stay low. The organization became active shortly after Hive’s demise, so it still ranks as a very new entity.

Despite this appearance of mediocrity, experts warn that Hunters International bear the signs of a future global threat. They advise those at risk to strengthen their ransomware protection and rely on experts to secure their networks against unwanted intrusions.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Hunters International Ransomware Infiltrates US and Canada-Based Companies

Who Is Hunters International Really?

Our Mission

Miklos Zoltan

Leave a Comment Cancel