Ransomware group Hunters International disbands, offers decryption keys to affected parties
In the ever-evolving landscape of cybercrime, a new player has emerged on the dark web. World Leaks, a group potentially connected to the now-defunct Hunters International, is currently active and operating using an extortion-only model. However, no explicit recent updates on World Leaks' operational status or attack methods have been confirmed.
The closure of Hunters International, known for its large-scale data breaches and leaks, was announced earlier this year. The group, infamous for its use of malware, ransomware, and infostealer tools, was notorious for stealing personal identifiable information, credentials, and corporate data.
Recent cybersecurity trends in 2025 have seen a surge in massive data leaks and cyber attacks. One of the most significant incidents was the 16 billion passwords leak in June, considered the largest password compilation breach recorded. Other incidents involve massive repackaged data leaks like the AT&T customer data exposure, consolidating millions of records from earlier breaches into more actionable formats.
Given the nature of similar threat groups, it is reasonable to infer that World Leaks' attacks would involve data leaks, credential theft, and possibly targeted espionage or disruption. While no direct mention of their current operational status or attack methods is present in the recent reports, this inference is supported by the group's apparent connection to Hunters International and the general trends in cybercrime.
World Leaks has made headlines with high-profile attacks on organizations such as Tata Technologies and ICBC's London office. Unlike Hunters International, which offered decryption keys to victims, World Leaks does not provide such a service. Instead, the group invites journalists to sign up for its early warning mailing list to receive information about attacks 24 hours before they are made public.
The leadership of Hunters International previously stated that ransomware had become unpromising, low-converting, and extremely risky. One of Hunters International's more egregious acts came shortly after it formed in 2023, attacking a US plastic surgery clinic and leaking patients' pre-op body images. Despite this, Hunters International's commitment to supporting affected organizations remains a priority as they conclude their operations.
World Leaks' dark web page is constructed in a similar style to Hunters', currently listing 31 victims. The decryptors offered by Hunters International will not be publicly available but will be provided upon request. After the group's April admission that it would be abandoning ransomware, researchers at Group-IB predicted that the same team behind Hunters would rebrand as World Leaks.
The closure of Hunters International may be related to recent developments, but the exact reasons have not been explained in detail. In its final statement, the group encouraged victims to visit their official website for decryption tools and recovery process guidance. Hunters International's statement also mentioned changes happening in the world that recognize ransomware as terrorism.
As the battle against cybercrime continues, it is crucial for individuals and organizations to remain vigilant and take necessary precautions to protect their data. Monitoring intelligence briefings and specialized cybersecurity reports will provide the most accurate and up-to-date information on the activities of groups like World Leaks and their connection to Hunters International.
- The rise of World Leaks in the dark web, once linked to the now-defunct Hunters International, has sparked concerns in the realm of AI, cybersecurity, and cloud technology, particularly regarding data security and privacy.
- Given the connections between World Leaks and Hunters International, it is plausible that World Leaks may employ similar tactics, such as data leaks, credential theft, and targeted espionage or disruption.
- The shift from ransomware to extortion-only model by World Leaks mirrors the trending cybersecurity news in 2025, marked by an increase in massive data leaks and cyber attacks.
- In the realm of crime-and-justice and general-news, the surveillance and analysis of dark web activities related to World Leaks are crucial to mitigating risks and fostering a more secure digital environment for all.
