At the beginning of 2025, it appeared that Hunters International was abandoning encrypting victims and was re-branding as World Leaks. But Hunters kept updating their leak site with new encryption incidents instead of going extortion-only and becoming World Leaks. A World Leaks spokesperson subsequently informed DataBreaches that they had parted company with Hunters International over the use of encryption:
We were a part of them but separated due to differences in views and ideas.
The main difference is that we don’t want to harm businesses by blocking their operability.
Data extortion is a much better business model because it doesn’t render companies inoperable and boosts overall cybersecurity to protect private customers’ data.
Now Hunters International has removed all listings from their leak site and posted an important notice:
Project Closure and Free Decryption Software for Affected Companies
We, at Hunters International, wish to inform you of a significant decision regarding our operations. After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with.
As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms.
We understand the challenges that ransomware attacks pose, and we hope that this initiative will help you regain access to your critical information swiftly and efficiently. To access the decryption tools and receive guidance on the recovery process, please visit our official website.
We appreciate your understanding and cooperation during this transition. Our commitment to supporting affected organizations remains our priority as we conclude our operations.
There is nothing on their site at this time, though, that gives guidance or a decryptor. Victims may have to wait to get the help Hunters says they are now offering.
DataBreaches reached out to World Leaks to ask them if now that Hunters was abandoning encryption, if Hunters and World Leaks would collaborate as originally planned. A spokesperson responded:
We no longer communicate. Our development team left Hunters International a long time ago.
So maybe Hunters is really just shutting down this one project and they will announce a new one at a later date. Or maybe they are just shutting down. Or perhaps World Leaks has lied to DataBreaches as disinformation. Time will tell.
Updated to add response from World Leaks and comment following it.
Update 2: Victims of Hunters may have to login to the server they were instructed to login to for negotiations and payments to get the decryptor information. In other updates, Kevin Poireault reports:
Speaking to Infosecurity, a Group-IB spokesperson said the firm’s threat intelligence analysts assessed “with high confidence” that World Leaks is a project operated by individuals previously involved in the administration of Hunters International.
Although the group behind Hunters International has not publicly acknowledged any connection to World Leaks, the Group-IB spokesperson said their research indicated that internal communications suggested a coordinated transition to World Leaks.
“The absence of any reference to World Leaks in [the July 3] message appears intentional and is likely designed to control the narrative and delay attribution,” they added.
Read more at Infosecurity.