Hunters International Ransomware Group Gives Free Decryptor After Being Shut Down

The Hunters International threat group announced the shutdown of its operation and stated that it will publish decryption keys so that victims of its ransomware attacks can recover their encrypted files at no cost. This Russian-speaking ransomware-as-a-service group recruits affiliates to break into company systems and encrypt files in return for a portion of the generated profits. Over 18 months the group claimed many victims, and it had no qualms about attacking HIPAA-covered healthcare companies.

A notice on the group’s website states that, because of recent developments, the group has decided to shut down the Hunters International project. As a sign of goodwill, the group offered to share its decryption software for free with all companies impacted by its past ransomware attacks. Its stated goal is to help victims recover their encrypted information without paying ransoms.

Ransomware groups frequently shape-shift, closing down their operation and then starting again with a new name, encryptor, and structure. Hunters International seems to have actually begun that process after launching World Leaks at the beginning of 2025. Its data leak website posts victims’ names and leaks stolen information if no ransom is paid. The new data leak site started with a different group’s strategies. The group considered leaving ransomware to focus on data theft and extortion. It is presently uncertain whether the shutdown is connected with the launch of World Leaks.

The group wrote on its website that it knows how costly and difficult it is to deal with ransomware attacks. By offering access to its decryption tools, it hopes to help victims regain access to their important data quickly and efficiently. Instructions for getting the decryption tools, along with assistance on the recovery procedure, are available on Hunters International’s official website. However, the free decryptor is not yet downloadable from its website.

Some people believe that Hunters International is a rebrand of the Hive ransomware group. Hive ceased operations after a global law enforcement operation. In July 2022, the Federal Bureau of Investigation (FBI) gained access to the group and, together with law enforcement agencies from other nations, took control of its servers. The Department of Justice announced the takedown of Hive in January 2023, and Hunters appeared in October 2023. Hunters claims that it deploys the Hive encryptor after buying the source code from the group and that it is not a rebrand of the Hive group.

In spite of creating World Leaks, the group still adds encryption attack victims to its data leak site. A World Leaks site representative said they separated from Hunters International some time ago. That suggests that World Leaks is a separate threat group. Considering that statement, Hunters International might have chosen to permanently shut down its operation, though the group might simply re-emerge under a new name later.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years’ experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interests of patients, including areas such as data protection and innovations such as telehealth.