- Hunters International hit many private and public units including Tata and Telecom Namibia
- The group says it is resolution “In the light of the recent events”
- It even released decrypting keys to their victims
A major ransomware operation has announced a complete shutdown and public release of decrypt keys – but some are skeptical that this is the last we have seen of this particular group.
The operators, known as Hunters International, published a brief message on their dark site and informed their supporters, affiliated businesses and the wider cybercrimal community that they will no longer operate.
“After careful consideration and in the light of the recent development, we have decided to close Hunters International Project,” the message reads. “This decision was not made easily, and we recognize the influence it has on the organizations we have interacted with.”
Callback phishing
While the group mentions “recent developments”, it does not elaborate, so we do not know if this means that they were seized by law enforcement or they simply blackmailed enough money to call it ceased.
TechcrunchOn the other hand, there may be a third opportunity-a smoke-and-spacing effort to throw the police off. Discussing the matter with threat information analyst from recorded future, Allan Liskea, Techcrunch Learned that the group may be converted to World Cups.
“I think this is more of a ‘cutting of ties’ with the old infrastructure,” Liske told the publication. This would not be the first group that redirected to try to hide their tracks.
After the colonial pipeline attack, Darkside was redirected to Blackmatter, and later Alphv/Blackcat, and Revil (Sodinokibi) were preceded by Gandcrab.
As for releasing decryption keys, although commendable, it doesn’t matter much to attackers, Liske claims. These are mostly older victims who nevertheless did not intend to pay, so for the group – nothing was lost.
“As for the release of decryption keys, at this point, they probably won’t make money on any hunter’s victims who are still out there, so they probably see it as a gesture that doesn’t really cost them anything,” Liske concluded.
