- World Leaks emerged in early 2025 as a new project by the operators of the Hunters International ransomware group, shifting from double extortion with ransomware to extortion-only attacks due to increased risks and reduced profitability.
- The World Leaks and Hunters International platforms share numerous similarities in design, layout, and functionality.
- World Leaks operates four distinct platforms: a main data leak site, a negotiation site for ransom payments, an Insider platform for journalists, and an affiliate panel.
- World Leaks faced initial bugs, downtime, and fluctuations in claimed data leak sizes, raising questions about data accuracy.
- Despite claiming to be extortion-only, some victims suffered ransomware deployment.
- We learned that the Secp0 ransomware group is collaborating with World Leaks, indicating potential future attractiveness for other threat actors.
4810 links
