Hunters
Hunters è un'organizzazione che offre servizi di ransomware-as-a-service, apparsa per la prima volta sulla scena degli attacchi informatici nel 2023. Essa rappresenta un rischio significativo per le organizzazioni di ogni settore e dimensione.
The origin of Hunters International ransomware
Hunters International emerged in late 2023 in what industry experts identified as an attempt to reignite ransomware code from a previously shut down cybercrime organization. That code was originally used by Hive, a destructive operation that extorted more than $100 million from some 1,500 victims.
Shortly after the FBI disrupted Hive, its operators passed their code on to a new group called Hunters International. The handoff was discovered by security researchers following a spate of new ransomware samples using remarkably similar source code.
Since then, the group has successfully compromised victims in at least two dozen countries.
Countries targeted by Hunters Ransomware Group
As the name suggests, Hunters International targets organizations worldwide. At last count, the group has compromised victims in approximately 30 countries. From Canada to New Zealand, organizations are targeted more for their vulnerability and likelihood to pay a ransom than their locales. To date, the United States has experienced the most number of Hunters International victims.
Industries targeted by Hunters Ransomware Group
Hunters International victims include organizations across a wide range of industries, from healthcare to manufacturing to the finance, education, and automotive sectors. This indiscriminate style means the group poses a significant risk to organizations of all sizes and industries.
Hunters Ransomware’s victims
To date, 285 victims have fallen prey to Hunters International ransomware.
Hunters Ransomware attack method
Hunters International typically gains access with social engineering and phishing campaigns designed to trick employees into downloading and executing malicious files. The group is also known for leveraging the Remote Desktop Protocol (RDP).
In some instances, Hunters International impersonates legitimate port scanning programs to install malware and obtain IT employee access. Once inside the network, the group grants itself higher levels of admin access.
Hunters International evades detection by using seemingly legitimate methods to gain access and move laterally.
Hunters International ransomware is written in Rust, a language favored for its resilience to reverse engineering and robust control over low-level resources.
The malware encrypts files using a combination of different ciphers, embedding the encrypted key within each file. This approach simplifies the decryption process for victims who pay the ransom while complicating efforts to counteract the malware.
Hunters International has been responsible for significant data breaches, financial losses, and lasting brand reputation damage.
Hunters International typically gains access with social engineering and phishing campaigns designed to trick employees into downloading and executing malicious files. The group is also known for leveraging the Remote Desktop Protocol (RDP).
In some instances, Hunters International impersonates legitimate port scanning programs to install malware and obtain IT employee access. Once inside the network, the group grants itself higher levels of admin access.
Hunters International evades detection by using seemingly legitimate methods to gain access and move laterally.
Hunters International ransomware is written in Rust, a language favored for its resilience to reverse engineering and robust control over low-level resources.
The malware encrypts files using a combination of different ciphers, embedding the encrypted key within each file. This approach simplifies the decryption process for victims who pay the ransom while complicating efforts to counteract the malware.
Hunters International has been responsible for significant data breaches, financial losses, and lasting brand reputation damage.
TTPs used by Hunters Ransomware
How to Detect Hunters Ransomware with Vectra AI
Migliaia di aziende si affidano a potenti sistemi di rilevamento basati sull'intelligenza artificiale per individuare e bloccare gli attacchi, prima ancora di ricevere una richiesta di riscatto.
Domande frequenti
What is Hunters Ransomware?
Hunters International is a ransomware-as-a-service (RaaS) operation that emerged in late 2023. It’s known for targeting a wide range of industries across the globe.
What is Hunters International's connection to Hive Ransomware?
Hive was a ransomware group taken down by the FBI in late 2023. Shortly after its operations were disrupted, security researchers identified a match between Hive’s code and the code used by a new ransomware group called Hunters International. This led to the theory that Hive sold its assets to Hunters International.
What techniques does Hunters International use to compromise organizations?
Hunters International employs a double extortion strategy, combining data encryption with data exfiltration. They threaten to leak stolen data on their data leak site if ransom demands are not met.
What code does Hunters International use?
Hunters International ransomware is written in the Rust programming language, known for its efficiency and security features. Notably, the group has streamlined the encryption process by embedding encryption keys within encrypted files, using a combination of encryption methods.
Which industries are targeted by Hunters International?
Demonstrating a non-discriminatory approach, Hunters International has targeted organizations across various sectors, including the healthcare, automotive, manufacturing, logistics, financial, educational, and food industries.
What countries are targeted by Hunters International?
Hunters International, as the name suggests, has a global reach. Victims have been identified in France, Germany, Australia, Brazil, Canada, Japan, Namibia, New Zealand, Spain, the United Kingdom, and the United States — plus many more countries. This opportunistic targeting strategy underscores their focus on exploiting vulnerabilities across a wide range of industries and regions.
What are the implications of a Hunters International attack?
Hunters International victims face significant losses, both financially and in terms of reputation. For example: In September 2024, Hunters International claimed responsibility for breaching the London branch of the Industrial and Commercial Bank of China (ICBC). The group stole more than 5.2 million files and swiped 6.6 TB of data.
How can organizations detect and respond to Hunters International attacks?
Organizations can enhance detection and response capabilities by implementing a strong AI-driven threat detection platform. This equips SOC teams with the intel they need to find and stop ransomware activities in real time.
What are the best ways to prevent a Hunters International attack?
To mitigate the threat posed by Hunters International and similar ransomware groups, cybersecurity professionals should conduct regular backups, train employees to recognize phishing attacks, and ensure all systems and software are up-to-date with the latest patches. In addition, AI-driven detections help identify attackers post-compromise, before they can launch ransomware.
How many organizations have already been impacted by Hunters International?
At last count, 231 organizations had been hit by Hunters ransomware. This includes 123 attacks in the U.S. alone.