Ransomware Intelligence

worldleaks Ransomware Group

Ransomware group profile

113Victims
RussiaSource country
74Impact score
Also Known As
Hunters International

Description

WorldLeaks is a cyber threat group that emerged in January 2025 as a rebranding of Hunters International, focusing on a pure data extortion model instead of traditional ransomware. They have developed a comprehensive Extortion-as-a-Service (EaaS) platform that aids affiliates in data theft, adopting sophisticated techniques to evade detection and exert pressure on victims through reputational damage.

Key insights

  • WorldLeaks operates primarily through the exploitation of compromised VPN credentials lacking Multi-Factor Authentication (MFA).
  • The group has a unique four-platform infrastructure, which includes a data leak site and a victim negotiation portal.
  • They utilize living-off-the-land techniques and process injection to evade detection.
  • A notable method for initial access is the deployment of a custom rootkit called OVERSTEP on SonicWall SMA appliances.
  • Although primarily focused on data extortion, there are reports of encryption being used in some attacks.
  • WorldLeaks leverages a journalist portal to amplify reputational damage against victims, increasing pressure for compliance.
  • Their extortion model combines financial demands with threats of public data leaks to coerce victim organizations.

Threat Level & Status Breakdown

For worldleaks · Based on incidents in selected period

2.9threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality4/ 10

Status Breakdown

Claimed100.0%113
First seenJul 2025
Last seenJul 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJul 14, 2026

Recent activity

Monthly attack count for worldleaks in the selected period

113Total attacks
17peak in Aug
8.7avg / month
↓ 6 vs first month
JulAugSepOctNovDecJanFebMarAprMayJunJul05101520

Intelligence

IOCs, YARA/Sigma rules, and related families for worldleaks

  1. 94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73
  2. c3804d1329b55a37bfa2f835e1e9bbc7bdb2b260f8e3627c06e02c9f52685d44
  3. 7eec7d07587112777016e5742c0d002d7e64a3e1fe7bde82fed8f65e3663456a
View full IOC feed29 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for worldleaks

Other

T1486

T1486

T1490

T1490

T1078

T1078

T1021

T1021

T1562

T1562

T1059

T1059

T1047

T1047

T1021.001

T1021.001

T1566.001

T1566.001

T1190

T1190

T1071.002

T1071.002

T1075

T1075

Victims(113)

CompanyDomainCountryIndustryStatusDiscovered
Treet Group of Companiestreetcorp.comPK PakistanProfessional Services
Claimed
13 days ago
Service ITservice.com.brBR BrazilProfessional Services
Claimed
13 days ago
COMHARcomhar.orgUS United StatesProfessional Services
Claimed
14 days ago
Starpoolstarpool.comIT ItalyRetail & E-Commerce
Claimed
14 days ago
L'Archevque & Rivest Ltéelrivest.comCA CanadaProfessional Services
Claimed
25 days ago
Super Finishingsuperfinishing.com.brBR BrazilManufacturing
Claimed
25 days ago
Reliance Groupreliancegroupindia.comIN IndiaFinancial Services
Claimed
about 1 month ago
Tata Electronicstataelectronics.comIN IndiaManufacturing
Claimed
about 1 month ago
First Federal Savings & Loanfirstwithus.comUS United StatesFinancial Services
Claimed
about 1 month ago
Centra Sota Cooperativecentrasota.comUS United StatesOther
Claimed
about 1 month ago
M1xchangem1xchange.comIN IndiaTechnology
Claimed
about 1 month ago
Apollo Pipesapollopipes.comIN IndiaManufacturing
Claimed
about 1 month ago
GDL Transportgdl.seSE SwedenTransportation
Claimed
about 1 month ago
Access Dentalaccessdentalclinics.comUS United StatesHealthcare
Claimed
about 1 month ago
United Auto Supplyunitedautosupply.comUS United StatesManufacturing
Claimed
about 1 month ago
CH Karnchang Publicch-karnchang.co.thTH ThailandOther
Claimed
about 1 month ago
American Battery Factoryamericanbatteryfactory.comUS United StatesManufacturing
Claimed
about 2 months ago
BMJ Paperpackbmjpaperpack.comID IndonesiaManufacturing
Claimed
about 2 months ago
Bestat Pharmaservices Corp.bestat.com.twTW TaiwanHealthcare
Claimed
2 months ago
Ceywater Consultantsceywater.comLK Sri LankaProfessional Services
Claimed
2 months ago

Page 1 of 6