At the end of last week, a cyber attack targeted the Japanese company Hoya, known for its production of optical tools, medical equipment, and electronic components. The company operates through 160 offices, over 40 laboratories, and multiple subsidiaries across more than 30 countries worldwide.
Initially, the extent of the attack and whether any data from Hoya’s customers or employees were compromised was unclear. However, the hackers behind the attack recently emerged from the shadows and outlined their demands to the company.
Cybercriminals from the Hunters International group requested a $10 million ransom for a file decoder and assurance that stolen data would not be made public. They claim to have taken approximately 1.7 million files from Hoya’s networks, totaling 2 terabytes in size.
Since April 4, 2024, Hoya has not provided any updates regarding its operational status, indicating ongoing disruptions to production and delays in system restoration.
The Hunters International group, which emerged in mid-2023, is associated with the Ransomware-AA-Service (RAAS) model. The group’s software bears similarities to discontinued code, suggesting a potential rebranding effort. However, the hackers deny direct ties to Hive, asserting that they acquired the software from the latter.
Hunters International actively targets companies across various industries, demanding ransoms ranging from hundreds of thousands to millions of dollars. The group has also issued threats to hospitals and their patients as part of their illicit activities.