Ransomware gang Hunters International has shut up shop and offered decryption keys to all victims as a parting favor. Announcing the news on Thursday morning, the gang deleted all victim data from its dark web leak site and issued a statement confirming its closure.
“We, at Hunters International, wish to inform you of a significant decision regarding our operations,” it said. “After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with.”
Read more…
Source: MSN News
Sign up for the Cyber Security Review Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Google Authenticator: The Hidden Mechanisms of Passwordless Authentication
March 23, 2026
Passwordless authentication is often presented as the end of account takeover. But to understand the real threat landscape, we need to examine how passwordless is actually deployed in the real world. Attackers do not break protocols in theory. They target the most common implementations, the places where usability, scale and architecture intersect. Focusing on one of ...
- Phishing campaign abuses Microsoft Azure Monitor alerts
March 23, 2026
Microsoft Azure Monitor is the latest in the long line of legitimate tools being abused in phishing attacks. If you are used to getting notifications from this platform, be careful, as the emails are quite convincing and relatively difficult to spot. Microsoft Azure Monitor is a cloud-based service that collects and analyzes data from applications and ...
- Trio-Tech International hit by ransomware attack
March 23, 2026
Trio-Tech International initially shrugged off a ransomware attack at a Singapore subsidiary as immaterial, only to reverse course days later after discovering stolen data had been disclosed. The California-based semiconductor testing and burn-in services outfit said it detected a ransomware incident at a Singapore subsidiary on March 11, which led to the encryption of “certain files” ...
- Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets
March 20, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate information on malicious cyber activity conducted by actors on behalf of the Government of Iran Ministry of Intelligence and Security (MOIS). Specifically, MOIS cyber actors are responsible for using Telegram as a command-and-control (C2) infrastructure to push malware targeting Iranian dissidents, journalists opposed to ...
- Cambodia: 9 foreigners nabbed in Phnom Penh cyber-scam raid
March 20, 2026
Eight Chinese nationals and one Malaysian were detained during a raid on a gated community in the capital on Wednesday. A joint force from the Phnom Penh Administrative Unified Command raided a property in the Borey Peng Huot development, located in the Niroth area of Chbar Ampov district. During the operation, officers seized 247 mobile phones ...
- Hasta la vista, Hastalamuerte: An Overview of The Gentlemen’s TTPs
March 19, 2026
In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that ...