TechCrunch - HealthTech, 20 hours ago
Ransomware gang Hunters International says it’s shutting down

 

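Hunters International, a notorious ransomware gang, announced on its dark web page that it is shutting down. The gang said that, after careful consideration and in light of recent developments, it has decided to close the project. It also promised to provide free decryption keys to all companies affected by its ransomware, to help victims recover their encrypted data. Although the specific reason for the shutdown is not yet clear, Allan Liska, a threat intelligence analyst at cybersecurity firm Recorded Future, believes it may be a way of "cutting ties" with the old infrastructure, with a possible transition to a new group called World Leaks. In the two years since it was founded, Hunters International has launched attacks against multiple organizations, including a U.S. cancer center and the U.S. Marshals Service.

🛡️ Hunters International announced on its dark web page that it is shutting down and said it has decided to close the ransomware project, without specifying the reason.

🔑 The gang promised to provide free decryption keys to all companies affected by its ransomware to help victims recover their encrypted data, and said it hopes victims will not have to pay ransoms.

🔄 According to Allan Liska, an analyst at cybersecurity firm Recorded Future, the shutdown may be meant to "cut ties" with the old infrastructure, with a possible transition to a new group called World Leaks.

🕵️‍♂️ Liska believes that using the same technical infrastructure for too long increases the risk of being discovered by law enforcement, which may be one reason for Hunters International's shutdown; the gang may also have sensed that law enforcement action was coming.

💰 Some ransomware gangs choose to shut down after obtaining enough funds, or rebrand to evade sanctions, but Hunters International's specific motive for shutting down remains unclear.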

The ransomware gang known as Hunters International announced on its dark web page Thursday that it is shutting down. 

“After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” the hackers wrote in a post, without clarifying what specific developments they were referring to. “This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with.”

The hackers also said they are offering free decryption keys “to all companies that have been impacted by our ransomware.”

“Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms,” wrote the gang, which asked victims to visit its official site to obtain the decryption keys and to recover the encrypted files.

At the time of writing, there is no such information on the website. 

Hunters International has claimed several victims in its two years of existence, including a U.S. cancer center and the U.S. Marshals Service, although the law enforcement agency denied having been hacked by the cybercrime gang.

The Hunters International post announcing it is shutting down. (Image: TechCrunch)

Several ransomware gangs in the past have released their victims’ decryption keys then shut down, each of them for different reasons. Some shut down only to return under a new name, perhaps in an attempt to confuse researchers and law enforcement agencies, and sometimes to escape sanctions. Others decided to call it quits after obtaining enough funds to retire.


In the case of Hunters International, it’s still too early to tell what the gang’s motivations are for shutting down, but there were signs as far back as April that point to a rebrand and transition to a group called World Leaks, according to Allan Liska, a threat intelligence analyst at cybersecurity firm Recorded Future. 

“I think this is more of a ‘cutting of ties’ with the old infrastructure,” said Liska, who has been tracking ransomware for years. “As far as releasing decryption keys, at this point they aren’t likely to make any money from any Hunters’ victims who are still out there, so they probably see it as a gesture that doesn’t really cost them anything.”

The World Leaks group uses new ransomware software and has a new site hosted elsewhere, but the people behind it may be the same, said Liska.

Liska said the reason for the gang going dark may be that “using the same technical infrastructure too long makes you more vulnerable to law enforcement,” referring to Hive, a ransomware gang that was seized and shut down by the FBI in 2023. 

“Or, they got wind that law enforcement was closing in and decided to get ahead of them,” he said.
