Hunters International announced that they’ve breached US-based Central Power Systems and Services. This is a high-value target for the hackers, with $71 million in revenue and 275 employees.
Despite taking a dive in 2022, the global trend of ransomware attacks has increased dramatically in 2023. This is due both to veteran gangs increasing their activity and to newcomer groups trying to make a name for themselves.
Hunters International is among the latter, having announced its presence publicly in October of 2023. The group showcased many similarities in code and tactics to Hive, the infamous former ransomware organization. Hive was terminated by the FBI in January of the same year.
Hunters International themselves haven’t denied the allegations, but their answer came with a twist. They admitted that they were the ones who reportedly “bought” Hive’s code. However, they claimed that 60% or more was unusable due to bugs and poor writing.
As a result, they’ve had to change and improve the code dramatically to be able to use it properly. But how come it’s Hunters International, a virtually unknown actor, that managed to acquire Hive’s code?
Why didn’t any of the other veteran and more resourceful ransomware groups do that? One theory is that Hunters International is nothing more than Hive itself after undergoing a massive makeover.
This is standard practice for ransomware groups hunted by the FBI. They often rebrand themselves, redistribute their resources, code, and manpower, and take on a new identity. This takes some of the heat off their tail, allowing them to reorganize and reinvent themselves.
The signs are there, but nothing has been confirmed yet. Ultimately, it doesn’t even matter because Hunters International themselves are dangerous on their own. They don’t need to be attached to Hive to make an impact.
Hunters International currently operates as a RaaS (Ransomware-as-a-Service) organization with global reach. The group is very versatile with its MOs and tactics and targets victims from all industries. The gang is also known to cover its tracks extremely well.
So, what should you do if you get breached by Hunters International? This is a scary prospect, especially if you’ve never been attacked by a ransomware actor. The solution is simpler than you might suspect, but not everybody can stomach it: refuse negotiations.
This is what most cybersecurity experts will advise you. Do not negotiate, do not contact the hackers for any reason, and, it goes without saying, do not pay the ransom. Paying the ransom does nothing aside from marking you as a “vulnerable target.”
This means that the hackers will put you on their “to re-visit” list, and that’s the last thing you want.