Hunters International Targets $280 Million Company
Hunters International announced that they’ve just breached a US-based company worth in excess of $280 million and 300 employees. The company in question is Inszone Insurance Services.
- According to the original post, the hackers are in possession of 4 packets of data, but it’s unclear what that amounts to in GB
- The hackers haven’t posted any additional details about the operation aside from the date of the breach and a short summary of the company
- Hunters International is a high-profile ransomware actor that some have linked to the now-defunct Hive
- The hackers themselves have admitted to purchasing Hive’s source code, but they rejected the theory that Hunters International is linked to Hive in any capacity
Despite coming publicly in October 2023, Hunters International made a name for itself fast. So fast that some have suspected the group to be a mock-up organization. These mock-up groups are used by legitimate cybercriminal actors to cover their tracks.
However, Hunters International has denied all claims and stated clearly that they’re legitimate. This appears to support the group’s overall cybercriminal profile and activity in recent months. Hunters International has been operating as a genuine ransomware gang.
Hunters International is among the youngest ransomware gangs today that have achieved a global reputation in a matter of several months. It usually takes more than a year for a normal ransomware group to make such an impact.
This suggests that the cybercriminal group is highly competent and resourceful and works with high-end tools. Which they have admitted anyway when they confirmed to having bought 60% of Hive’s source code.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Should You Negotiate with Hunters International?
The simplest answer is no. Most, if not all, cybersecurity experts advise against negotiating with any ransomware actor. That’s because negotiating and paying the ransom only guarantees getting the decryption tool.
Street-smart ransomware organizations will always provide the decryption key to prove their good faith. This helps them build a somewhat positive reputation as that ransomware group that keeps its word. Which is useful if you want future victims to pay the ransom.
But the same cannot be said about the deletion of the stolen data. The problem is that the victim cannot verify whether the hackers have kept their word in this regard. Ransomware hackers will invariably confirm the deletion of the data to gain the victim’s trust.
But, as data shows, that’s simply not what they’re typically doing. Instead, they keep the data for themselves for later use. Or sell or share it with other cybercriminal entities which opens the door to an entire array of issues.
This explains why ransomware victims are often breached multiple times, sometimes by different groups shortly after the initial attack. So, is Hunters International trustworthy in this sense?
Obviously not. Which is why cybersecurity analysts advise against paying the ransom. The standard advice is to take the hit of the lost data and move on. Where “moving on” means collaborating with actual cybersecurity specialists to upgrade your defenses.