Cybersecurity Snapshots - Hunters International Ransomware Group

By aekwall 

The FBI may have successfully disrupted the destructive Hive ransomware operation in 2023, but the group's malware code continues to present a threat to organizations everywhere. According to security researchers at Bitdefender, Hive ransomware operators transferred their code to a ransomware group called Hunters International. Hunters International was first observed in November 2023 and has since ramped up its operations and become a bigger problem for organizations.

The threat actors behind Hunters International have announced that they are not a rebranded version of Hive but an independent group using Hive malware and infrastructure. The researchers at Bitdefender said this seems to be true, as the group's primary focus appears to be on extortion via data exfiltration rather than data encryption, which differs from the Hive operation. The researchers' analysis of the malware also shows that Hunters International is using logging, which the researchers say is a common indication that the group has adopted the code from someone else. The researchers noted that when a new developer, such as Hunters International, acquires or inherits code, enabling logging and debugging is a crucial step in understanding and improving that code. Logging offers insights into how the code operates, tracks errors, and helps with debugging and improving the malware.

According to security researchers at Cyfirma, Hunters International saw a significant surge in victims in April 2024, marking a 66.67% increase compared to March. The researchers noted that victim organizations are mostly located in the United States. The researchers said that Hunters International's targets varied widely in terms of revenue, ranging from $5 million to $3.4 billion, indicating a lack of specific targeting and an impact on a broad range of organizations of varying revenue scales. Some of the organizations targeted include Hoya Corporation, Schuster Trucking Company, and Griffin Dewatering. Hunters International's favorite target is the healthcare sector. Some of their victims in the healthcare sector include Bradford Health, Blackstone Valley Community Health Care, Fred Hutchinson Cancer Research Center, Azienda USL di Modena, Covenant Care, Crystal Lake Health Center, and Deegenbergklinik.

Hunters International's victim list is expected to keep growing, so it is important for companies to take the threat of falling victim to a ransomware attack seriously. To help prevent a ransomware attack, security researchers at Cyfirma recommend that organizations strengthen cybersecurity measures, conduct employee training, conduct incident response planning, patch systems and software regularly, implement network segmentation, and enable multi-factor authentication on accounts where possible.


Submitted by Gregory Rigby on