In October 2023, a formidable ransomware-as-a-service (RaaS) operation known as Hunters International emerged, rapidly establishing itself as a significant threat in the cybersecurity landscape. This malicious entity is notorious for encrypting victims’ files and appending a distinctive extension: “..Remember_you_got_only_36_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_hunters_Ransomware”.
For example, a file named “document.docx” would be renamed to “document.docx..Remember_you_got_only_36_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_hunters_Ransomware”, rendering it inaccessible without the appropriate decryption key.
Infection Vectors and Propagation Methods
Hunters International employs a multifaceted approach to infiltrate target systems:
- Exploitation of Vulnerabilities: Attackers often exploit known vulnerabilities in public-facing applications, such as Oracle Web Servers, to gain unauthorized access.
- Phishing Campaigns: The group disseminates emails containing malicious attachments or links, deceiving recipients into executing the ransomware on their systems.
- Use of Legitimate Tools: Post-infiltration, attackers utilize legitimate network administration software and penetration testing frameworks to navigate within the compromised network, making detection more challenging.
Once inside, the ransomware encrypts files across local drives, connected external storage devices, and network shares. It also deletes Volume Shadow Copies and system restore points, effectively nullifying potential recovery options.
Ransom Note Details
Upon successful encryption, Hunters International deposits a ransom note titled “HOW TO DECRYPT FILES.txt” in affected directories. This note informs victims of the encryption event and provides instructions for payment and data recovery.
Complete Ransom Note Content
The full text of the ransom note is as follows:
YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
DON’T WORRY YOUR FILES ARE SAFE.
TO RETURN ALL THE NORMALLY YOU MUST BUY THE CERBER DECRYPTOR PROGRAM.
PAYMENTS ARE ACCEPTED ONLY THROUGH THE BITCOIN NETWORK.
YOU CAN GET THEM VIA ATM MACHINE OR ONLINE
https://coinatmradar.com/ (find a ATM)
hxxps://www.localbitcoins.com/ (buy instantly online any country)
1. Visit qtox.github.io
2. Download and install qTOX on your PC.
3. Open it, click “New Profile” and create profile.
4. Click “Add friends” button and search our contact – 677DD06ED071E4B557FF3D9236ACD21AFECBA485C6643AB84F766060B967DC6E0CFC34DDD9A0
Subject : SYSTEM-LOCKED-ID: 90890423
Payment 10 000$ BTC
The note demands a payment of $10,000 in Bitcoin and directs victims to use the qTOX platform for communication.
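The appended extension and the ransom note name described above are enough to scope an incident on a mounted volume or share. The following Python is an added example, not part of the original article or any vendor tool: it inventories renamed files, recovers their original names, and pulls the SYSTEM-LOCKED-ID from any note it finds. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the article text.
EXT = "..Remember_you_got_only_36_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_hunters_Ransomware"
NOTE_NAME = "HOW TO DECRYPT FILES.txt"
ID_RE = re.compile(r"SYSTEM-LOCKED-ID:\s*(\d+)")

def triage(root):
    """Walk root and return encrypted files, ransom notes and victim IDs."""
    report = {"encrypted": [], "notes": [], "ids": set(), "dirs": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(EXT) and len(name) > len(EXT):
                original = name[: -len(EXT)]  # e.g. document.docx
                report["encrypted"].append((path, original))
                report["dirs"][dirpath] += 1  # per-directory impact count
            elif name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536)  # notes are small; cap the read
                except OSError:
                    continue  # unreadable note: keep the path, skip the ID
                report["ids"].update(ID_RE.findall(text))
    return report

def build_sample_tree(root):
    """Constructed sample data: one clean file, two renamed files, one note."""
    os.makedirs(os.path.join(root, "share", "hr"))
    for rel in ("readme.md", "document.docx" + EXT, os.path.join("share", "hr", "pay.xlsx" + EXT)):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample bytes")
    with open(os.path.join(root, "share", "hr", NOTE_NAME), "w") as fh:
        fh.write("Subject : SYSTEM-LOCKED-ID: 90890423\nPayment 10 000$ BTC\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in result["encrypted"]:
            print("encrypted:", original, "<-", path)
        print("notes:", result["notes"], "ids:", sorted(result["ids"]))
```

Run it read-only against a forensic image or a snapshot of the share rather than the live host, and keep the per-directory counts to decide which backups to restore first.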
Technical Analysis and Evolution
Hunters International’s ransomware is developed in the Rust programming language, which offers several advantages:
- Cross-Platform Compatibility: Rust enables the ransomware to operate seamlessly across various operating systems.
- Enhanced Evasion: The language’s features facilitate the creation of malware that can bypass traditional security defenses.
Notably, the ransomware shares approximately 60% code overlap with the Hive ransomware, suggesting a possible evolution or adaptation from the dismantled Hive group.
Notable Incidents and Victimology
Since its inception, Hunters International has claimed over 200 victims worldwide, targeting a diverse range of industries:
- Financial Sector: In September 2024, the group claimed to have exfiltrated over 5.2 million files, totaling 6.6 TB of data, from the London branch of the Industrial and Commercial Bank of China (ICBC).
- Energy Sector: In August 2024, Anderson Oil & Gas, a family-owned business in Virginia, suffered a ransomware attack leading to significant data breaches.
- Construction Industry: In January 2025, Barber Specialties, a commercial construction company in Texas, was targeted, highlighting vulnerabilities within the construction sector.
The group’s opportunistic approach spans various sectors, including healthcare, automotive, manufacturing, logistics, education, and food industries, affecting organizations in countries such as the United States, United Kingdom, Germany, Japan, and Brazil.
Recommendations and Precautions
To mitigate the risk of Hunters International ransomware attacks, organizations should implement the following measures:
- Regular Software Updates: Ensure all systems, especially public-facing applications like Oracle Web Servers, are up-to-date with the latest security patches.
- Employee Training: Educate staff to recognize and report phishing attempts and suspicious activities.
- Robust Backup Strategies: Maintain regular, offline backups of critical data to facilitate recovery without yielding to ransom demands.
- Network Segmentation: Isolate critical systems to prevent lateral movement within the network.
- Advanced Security Solutions: Deploy reputable antivirus and anti-malware tools capable of detecting and preventing ransomware infections.
In the event of an infection, it is crucial to remove the ransomware promptly to prevent further encryption. However, removal does not decrypt already affected files. Recovery of encrypted data is typically only possible through backups or, in some cases, decryption tools if available.
Recovering Files Encrypted by Hunters Ransomware: How Our Decryptor Can Help
If your files have been encrypted by Hunters Ransomware, leaving them with the “..Remember_you_got_only_36_hours_to_make_the_payment_if_you_dont_pay_prize_will_triple_hunters_Ransomware” extension, you are facing a serious challenge—restoring access to your files without paying the ransom.
Fortunately, our Phobos Decryptor is the ultimate solution, designed specifically to decrypt files locked by Hunters ransomware quickly, safely, and efficiently. Instead of risking your money by paying cybercriminals—who may never provide a working decryption key—our tool offers a secure, guaranteed, and stress-free way to regain access to your data.
How Our Phobos Decryptor Works
Phobos Decryptor is a cutting-edge solution built to counter ransomware attacks like Hunters International. It utilizes advanced decryption algorithms to reverse the encryption process, allowing victims to restore access to their files without negotiating with attackers.
Why Choose Phobos Decryptor?
- Specifically Designed for Hunters Ransomware – Our tool is expertly tailored to break the encryption used by Hunters, ensuring the highest chance of successful file recovery.
- No Technical Knowledge Required – The user-friendly interface makes it easy to recover your files, even if you have no prior experience with cybersecurity.
- 100 Percent Safe and Secure – Unlike risky third-party tools, our software ensures data integrity, eliminating any chance of file corruption during the decryption process.
- Immediate Results – Once you start the decryption process, our tool works instantly to restore your files efficiently.
Steps to Recover Your Files Using Phobos Decryptor
If your system has been infected by Hunters Ransomware, follow these simple steps to restore your data using Phobos Decryptor:
- Purchase Phobos Decryptor: Get the official decryptor from our website, and receive your unique activation key instantly.
- Run the Decryptor: Launch the decryption software with administrator privileges to ensure full system access.
- Connect to Our Secure Servers: The tool will automatically connect to our secure servers. These servers are essential for generating the unique decryption key required to recover your files.
- Enter Your Victim ID: Your Victim ID is typically found in the ransom note or appended to the names of your encrypted files. Input this ID into the decryptor to ensure an accurate and secure decryption process.
- Start the Decryption Process: Click the “Decrypt” button, and Phobos Decryptor will systematically restore each affected file, recovering them to their original state.
Why Phobos Decryptor Is the Best Choice
- Proven Effectiveness – Our tool has been rigorously tested to ensure it works against even the most complex ransomware strains like Hunters.
- Guaranteed Data Safety – Unlike other methods that may risk further damage, our tool ensures that your data remains intact throughout the recovery process.
- Dedicated Support – If you encounter any issues, our team is available to assist you with the decryption process, ensuring a smooth recovery.
Recover Your Files Now – Don’t Wait
Time is critical when dealing with ransomware. The longer your files remain encrypted, the higher the risk of permanent data loss. Do not let cybercriminals dictate your access to your own data.
