Hunters International Ransomware Hit a German Target
Infamous Hunters International announced another victim recently, Paulmann Licht, from Germany. The company packs a revenue of around $57 million with over 330 employees, making it a valuable asset for the hackers.
- The hackers gave the victim little over 2 days to contact them to complete the negotiations
- Hunters International didn’t disclose any information regarding the value of the ransom or the terms of the negotiation
- The hackers posted the evidence regarding the incident on their TOR platform
- Ransomware attacks have been on a steady growth throughout 2023, and the trend seems to stay on course for the current year
Hunters International isn’t particularly active, at least not to the level of more well-established ransomware actors. However, the group does show impressive resilience and adaptability. The hackers often hit major organizations, which hints at their cybercriminal proficiency.
It’s unclear how effective the organization is at extorting their victims and actually obtaining the ransom, though. Data shows that only a small portion of the victims decide to pay the ransom, while the rest refuse negotiations.
But, given that Hunters International hackers aren’t particularly active, what makes them so frightening? One reason is that the organization appears to be very resourceful and modern. The hackers use advanced tools and effective tactics to breach their victims.
The code and tactics profile bear stunning similarities with the now-defunct Hive. The latter was once one of the most influential and feared ransomware actors in the world.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Is Hunters International a Successor to Hive?
Most cybersecurity analysts lean towards a “yes.” Hunters International showcases most of the technical and operational perks that were once associated with Hive. This includes the structure, the tactics, and much of its code.
As specialists explain, this is not a coincidence. Hive was dissolved in early 2023, following a targeted FBI operation. But, as we know by now, ransomware groups never go away entirely. Instead, they redistribute their assets and rebrand themselves under a different name.
Hive, Conti, and Royal are just 3 of the numerous examples of ransomware organizations that have done that. The common agreement today is that Hunters International is simply Hive doing business as usual under a different name.
Ransomware gangs do this either as a last resort or as a means of prevention, knowing that law enforcement agencies are already zooming in. The tactic allows them to lose some heat and reorganize.
In terms of actual tactics, Hunters International sticks to the tried-and-tested double extortion practice. The hackers will encrypt the victim’s system and download sensitive data that they will use as leverage during negotiations.
If the victim chooses to negotiate and pay the ransom, they will provide the decryption key and take it upon themselves to delete the stolen data. Naturally, the latter doesn’t always happen, which is why cybersecurity experts advise against contacting the hackers.
In most cases, the hackers will simply keep the data to themselves or sell or share it with other cybercriminal gangs. This explains why so many victims get extorted and targeted multiple times during a year, following one poorly-handled ransomware breach.