The Hunters ransomware group has claimed to have launched a cyberattack on Double Eagle Energy Holdings IV, LLC, a prominent US-based oil and natural gas development and production company. The Hunters ransomware attack occurred on January 23, 2024, when the Hunters group claimed to have successfully compromised Double Eagle Energy Holdings, exfiltrating a substantial 768.2 GB of sensitive data, including corporate structures, internal documents, accounting records, bank account information, scanned tax returns, and passports.
The ransomware group substantiated its claims by sharing scanned copies of passports and screenshots revealing corporate structures and bank account information.
Notably, the group did not disclose any intentions to release the compromised data, leaving the affected organization and the cybersecurity community on high alert.
Hunters Ransomware Attack: Impact on Double Eagle Energy Holdings
The impacted organization, Double Eagle Energy Holdings IV LLC, has faced a setback due to the Hunters ransomware cyberattack. As a result, the company’s official website, doubleeagledevelopment.com, is currently inoperative, displaying an SSL error.
The Cyber Express has attempted to reach out to the affected organization for further insights into the incident. However, communication was impeded by the absence of a valid SSL certificate on the company’s site, leaving the claims of the cyberattack unverified.
Hunters International, a Ransomware-as-a-Service (RaaS) brand, surfaced in Q3 of 2023, drawing attention due to similarities in its source code with the notorious Hive ransomware strain. Initial malware analysis revealed a significant overlap of approximately 60% with samples of Hive ransomware version 61.
While the technical analysis suggested a potential connection to the disrupted Hive cartel, Hunters International has vehemently denied any affiliation with the Hive operation.
Modus Operandi of Hunters International Group
Intelligence indicates that Hunters International ransomware operates with a primary objective of exfiltrating target data and subsequently extorting victims through ransom demands. The attack chain involves encrypting files and appending the “.LOCKED” extension.
Notably, the threat actors often leave files with the naming convention “Contact Us.txt” in directories, containing instructions for victims to initiate negotiations on the dark web.
The incident involving Double Eagle Energy Holdings IV LLC highlights the importance of robust cybersecurity measures and prompt response strategies to mitigate potential damages.
The industry awaits further developments and responses from both the affected organization and the cybersecurity community in the wake of this unsettling Hunters ransomware attack.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
