World Leaks emerged in early 2025 as a new project by the operators of the Hunters International ransomware group, shifting from double extortion with ransomware to extortion-only attacks due to increased risks and reduced profitability.
The World Leaks and Hunters International platforms share numerous similarities in design, layout, and functionality.
World Leaks operates four distinct platforms: a main data leak site, a negotiation site for ransom payments, an Insider platform for journalists, and an affiliate panel.
World Leaks faced initial bugs, downtime, and fluctuations in claimed data leak sizes, raising questions about data accuracy.
Despite claiming to be extortion-only, some victims suffered ransomware deployment.
We learned that the Secp0 ransomware group is collaborating with World Leaks, indicating potential future attractiveness for other threat actors.
