Hoya Corporation Targeted by Hunters International Ransomware Operation
Hoya Corporation has suffered a cyber attack of the kind that was planned and executed by the ‘Hunters International’ ransomware operation that is asking for the $10 million as payment of the decryption tool and at the same time threatening to do a data breach and expose the files that were taken during that event.
Response Efforts and Challenges Faced by Hoya Corporation
Hoya is a leading Japanese conglomerate that focuses on lens research, medical instruments and electronic components.
Hoya is present 160 offices and subsidiaries in about 30 countries, while it is operating its research facilities at 43 labs across the globe.
The corporation started to address the cyber incident publically about a week, and as a result of this, production and order processing were disrupted in numerous branches of business because of IT outages.
Hoya, however, would dedicate a whole lot of time to consider if the data might be hacked; or if, all the same, the hackers could even have access to or extract sensitive information from the systems.
Reported Ransom Demand and Verification
LeMagIT started its reporting with the story about the ransom of $10 mln requested by Hunters International with reference to the alleged release of 1.7 mln compromised documents of size 2 TB. BleepingComputer, which verified the legitimacy of this demand as well, reported on it.
So far, no information has been provided on the platform of the Hunters International regarding its possible involvement in the data breach or about the unknown perpetrators are behind the cyber attack on Hoya.
LeMagIT mentioned proof that includes ransomware attackers’ screenshots used between victims when they negotiate about amount of their ransom.
Uncertainty Surrounding the Attackers’ Identity
Although, Hunters International has opted for “NO NEGOTIATION / NO DISCOUNT” with HOYA it still remains doubtful whether this is just posturing on the part of the ransom or a serious threat to keep Hoya from declining the amount of ransom.
BleepingComputer was engaged in efforts to get Hoya to respond to the recent developments, but the responses were not received as it had expected.
However, the Bureau has not given a positive response as to the operational status of the company since May 4, 2024, meaning that the disruptions have continued, and remedial efforts have been ongoing.
Response from Hoya Corporation and Media Outlets
Initiating the investigation process, researchers discovered the name of the new ransomware, called as Hunters International, that arose in the middle of 2023. The similarity of its encryption code with the Hive ransomware provided enough evidence to support the direction that the new ransomware was a result of a rebranding strategy.
In the meantime, Hunters International did put up a denial of their involvement in the Hive operation, only having obtained the software and website from a defunct ransomware “client”.
Particularly, Hunters International has been restarning attacking enterprises any kind of sectors whether it’s manufacturing, energy, healthcare, or education and has been known to be making ransom demands ranging from $100,000-$5 million.
This discriminate means to both patients and of the patients by hospitals and to the patients’ being patients’ extortion and hospitals by the extortion of patients.