One of the most dangerous ransomware kits around might have just gotten a rebrand
Chances are, one of the most dangerous ransomware operators in the world – Hive – just got a new name.
Earlier this month, security researchers discovered a new player in the ransomware game called Hunters International. The group’s focus isn’t so much on encrypting their victims’ endpoints as it is on data theft, and so far it has only managed to compromise one victim: a British school.
However, the group’s encryptor is strikingly similar to Hive’s. More than 60% of the code overlaps with that of the Hive ransomware, researchers say, with some even going so far as to identify the exact version of Hive that has been renamed: version 6.
Dismantled by the FBI
Hunters International, however, is having none of it. The group claims to have purchased not only the encryptor’s source code, but also the website and the old Golang and C versions. The group also claims that Hive’s encryptor had a number of bugs that have been fixed.
If both groups were active at the same time, there would be no confusion as to whether they are the same or different operators. As things stand, that’s unlikely to happen, as Hive’s operations were shut down after its Tor payment and data breach site was seized by police early this year.
Hive had 250 affiliates, according to BleepingComputer, which allowed the FBI to infiltrate the network and maintain a low profile for six months, gathering intelligence and mapping the group. Before the seizure, Hive breached more than 1,300 companies and extorted more than $100 million from its victims.
The FBI’s work resulted in a decryption key being distributed to more than 1,300 victims.
To avoid being targeted by law enforcement, most ransomware groups today refrain from attacking critical infrastructure organizations, state-owned organizations, or healthcare institutions.
Via BleepingComputer: https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/