Hunters International Ransomware Targets Two More In The US
Hunters International announced on their public website that they’ve added two more victims to their portfolio. These are US-based companies: Schuster Trucking Company and Griffin Dewatering. Not many details are known about the attack.
- The victims are on the high end of the spectrum with $68 million and $32 million revenue respectively
- It’s unclear whether the victims have negotiated with their attacker, but their apparent deadline was four days
- Hunters International has made a scary reputation for itself relatively fast, given that the ransomware actor emerged in Q3 of 2023
- This organization appears to rely on simple extortion tactics, without encrypting the victim’s systems in the process
The double-extortion practice is common among ransomware actors, but not all extortion rings use it. Others, like Hunters International, prefer to skip the encryption part, mainly to minimize the costs.
Instead, they will only breach the victim’s defenses, steal the target data, and leave a note with contact details. If negotiations are unsuccessful, the attacker will publish the data publicly. Unfortunately, even the negotiations are successful, that doesn’t guarantee anything.
As experts have shown, the attacker may simply sell the data to other ransomware rings after the ransom is paid. These will then extort the victim again, sometimes months later after the initial breach. It’s why most experts advise against paying the ransom.
Even if that implies incurring financial and reputational losses because of it.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Hunters International’s Background
This organization has uncertain beginnings, but there are theories about its inception. The one that holds the most water is that Hunters International is simply Hive reimagined. Hive was once the most powerful and influential extortion ring in the world.
The group was so active, aggressive, and successful that it immediately drew the attention of FBI and CISA. The law enforcement agencies worked in conjunction with their German counterparts to hack the group’s infrastructure and neutralize it.
According to the FBI reports, the feds managed to secure over 300 decryption keys which helped an equal number of victims. This saved victims of a more than $130 million total in losses. Hive’s websites and operations ceased and the group vanished.
Or so it seemed at the time. As specialists have warned time and time again, ransomware and cybercriminal groups in general never truly go away. They often rebrand themselves as different organizations or break into smaller groups.
Hunters International appears to be one such case, with experts identifying overlaps in code and tactics between it and Hive. However, nothing has been confirmed so far. The general consensus is that Hunters International uses some of Hive’s manpower.
The organization targets high-value institutions and corporations primarily, aiming to increase the value of the ransom as much as possible. And because the group doesn’t use the double-extortion method, it needs to extract as much valuable data as possible.
While Hunters International is a young organization, experts warn against its high cybercriminal potential. Cybersecurity analysts suggest working with professionals to improve your defenses, especially if you qualify as a noteworthy target for the group.