The notorious ransomware-as-a-service (RaaS) operation Hunters International has officially announced its closure. They removed its data leak site and offered free decryptors to previous victims. However, cybersecurity experts warn that this may not be the end of the group. It might rather be a strategic rebranding under the new name “World Leaks.”
Hunters International Calls It Quits
In a message posted on their darknet leak portal on July 3, 2025, the group stated that after careful consideration, they had decided to shut down operations. As part of their exit, they offered free decryption software to all impacted companies. Thus, allowing them to recover encrypted files without paying ransoms.
The group expressed a desire to make amends by helping past victims. However, many security researchers remain skeptical of these claims.
World Leaks: The New Face of Extortion
Despite the shutdown announcement, threat intelligence analysts believe Hunters International is far from disappearing. Instead, the operation appears to be shifting tactics, rebranding as “World Leaks,” a data extortion group that no longer relies on file encryption but instead focuses on stealing sensitive data and threatening to publish it unless a ransom is paid.
Group-IB researchers noted that World Leaks uses the same infrastructure and victim communication techniques as Hunters International, indicating a direct link between the two entities. World Leaks has already listed more than 30 victims on its new extortion site.
Free Decryptors: A PR Move?
While Hunters International claims to be offering free decryption tools, cybersecurity experts caution that this could be a public relations stunt aimed at misleading law enforcement or bolstering the group’s reputation before the rebrand. Previous incidents have shown that ransomware groups often make false promises of retirement only to return under different names.
Luke Connolly from Emsisoft commented, “Whether their offer of free decryption keys is genuine remains uncertain. Ransomware groups are known for deceptive tactics.”
The Rise of Extortion-Only Threats
The potential rebranding of Hunters International to World Leaks highlights a growing trend among cybercriminals: the shift from file-encrypting ransomware attacks to pure extortion schemes. This approach allows threat actors to avoid the complications of encryption while still inflicting significant harm and extracting payments from victims.
Cybersecurity teams are advised to stay vigilant and adapt to these evolving threats, focusing on robust data protection, incident response readiness, and employee awareness training.
Final Thoughts
The supposed shutdown of Hunters International and its possible transformation into World Leaks underscores the constantly shifting nature of the cybercrime landscape. While one threat may seem to vanish, it often resurfaces in a new form with modified tactics. Organizations must remain proactive, not only by strengthening technical defenses but also by fostering a security-first mindset across all levels. In the face of such adaptable adversaries, resilience and preparedness are key to minimizing the impact of future attacks.
