‘Hunters International’ Cyberattackers Take Over Hive Ransomware


The FBI may have successfully disrupted the destructive Hive ransomware operation earlier this year, but the group’s malware code continues to present a threat to organizations everywhere.

In October, a security researcher’s analysis of ransomware used by a new group called Hunters International showed substantial code overlaps with Hive ransomware. A subsequent analysis by Bitdefender found the same similarities, leading researchers at the security vendor to conclude that Hive operators have handed off their crown jewel to another threat actor.

A Strategic Dark Web Decision?

“It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters International,” Bitdefender said in a recent report. “While Hive has been one of the most dangerous ransomware groups, it remains to be seen if Hunters International will prove equally or even more formidable.”

Hive was one of the most active ransomware groups at the time the FBI, in concert with counterparts in Germany and the Netherlands, hacked into the group’s infrastructure and systematically neutralized it over a seven-month period.

During that time, investigators captured over 300 decryption keys from Hive operators and handed them off to victims who were under active attack, saving them a cumulative $130 million in losses. Investigators also found — and handed over — an additional 1,000 decryption keys associated with victims of earlier Hive group attacks. The FBI and its partners seized control of websites and servers that Hive was using at the time, effectively shutting down its operational capabilities.

Emerging Threat

In the months since then, Hive’s operators appear to have transferred their code to Hunters International, a threat group with a relatively low number of victims at the moment but with a mature toolkit and a seeming eagerness to show its capabilities.

“Reputation plays a critical role in the ransomware-as-a-service model, and after the disruptions and months-long law enforcement breach of the Hive ransomware group, Hunters International faces the task of demonstrating its competence before it can attract high-caliber…
