Hunters Worldwide ransomware gang closes after 55 confirmed and 199 unconfirmed cyberattacks. Examine its rebrand to World Leaks and its influence on healthcare and companies.
A outstanding ransomware-as-a-service group ‘Hunters Worldwide’ has formally declared its shutdown, efficient at present, July 4, 2025. Lively for roughly two years, and speculated to be a revival or successor to the infamous Hive Ransomware (dismantled by international regulation enforcement in January 2023 after extorting over $100 million), Hunters Worldwide gained notoriety for its double extortion ways.
This concerned each encrypting sufferer knowledge and stealing it for public launch if a ransom wasn’t paid. Nevertheless, safety researchers have indicated that this closure is much less a retirement and extra a strategic junction, with the group already working below a brand new title: World Leaks.
A Legacy of Breaches and Calls for
Comparitech researchers have investigated and confirmed 55 ransomware assaults claimed by Hunters Worldwide, with an extra 199 unconfirmed claims. These confirmed breaches resulted within the compromise of no less than 3.25 million private data.
The healthcare sector was notably arduous hit, accounting for two.9 million of these compromised data throughout 19 assaults on hospitals and clinics. Companies noticed 55 confirmed assaults, with producers being probably the most frequent goal (12 assaults). Authorities entities and faculties additionally fell sufferer, with 16 and a pair of confirmed assaults, respectively.
Hunters Worldwide not often made its ransom calls for public. Nevertheless, two notable cases emerged: Hoya Company in Japan was hit with a $10 million demand in March 2024, and Azienda USL di Modena in Italy refused to pay a $3 million ransom in November 2023.
A few of the largest knowledge breaches attributed to Hunters Worldwide within the US embody Fred Hutchinson Most cancers Centre (1,840,927 individuals affected in November 2023), Omni Household Well being (468,344 individuals in August 2024), and Arisa Well being (375,436 individuals in March 2024). In a daring transfer, Hunters even contacted particular person sufferers from Fred Hutchinson Most cancers Centre, demanding $50 to delete their stolen knowledge.
This RaaS operation claimed 24 sufferer organizations solely in November 2024, Forescout reviews, with a mean of 1 per day (10 within the US, 2 within the UK, 7 within the EU, 3 in South America, and a pair of in Asia).
World Leaks
Menace intelligence agency Group-IB reported in April 2025 that Hunters Worldwide was within the strategy of rebranding to World Leaks. This new operation focuses solely on knowledge theft and extortion, abandoning the encryption side of conventional ransomware.
Rebecca Moody, Head of Information Analysis at Comparitech, commented on this shift, suggesting it’s not a change of coronary heart however quite a transfer in the direction of a “probably extra profitable” income stream in knowledge theft. She famous that World Leaks is “not a ransomware gang” because the “ware” (encryption) is critically lacking from their assaults.
World Leaks has already claimed accountability for 33 assaults, together with on Chain IQ (Switzerland) and Freedom Healthcare in Colorado. In a stunning improvement, Hunters Worldwide has acknowledged it’s going to supply free decryption software program to firms that have been contaminated by its ransomware however haven’t but paid a ransom.
Nevertheless, Moody believes many victims can have already restored their methods, rendering the supply largely symbolic given the group’s inactivity in new encryption assaults since Might 2025. Nonetheless, this transition marks a big evolution within the cybercrime neighborhood, with knowledge extortion changing into an more and more prevalent and focused risk.
