Threat Actor Profile
High
Cybercriminal
Description
World Leaks emerged in January 2025 as a rebrand of the Hunters International ransomware operation, shifting its focus from file encryption to solely stealing sensitive data and threatening to leak it unless a ransom is paid
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': '2025-05-16',
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'World Leaks emerged in January 2025 as a rebrand of the '
'Hunters International ransomware operation, shifting its '
'focus from file encryption to solely stealing sensitive data '
'and threatening to leak it unless a ransom is paid',
'firstseen': '2022-06-23T18:57:09+00:00',
'group': 'worldleaks',
'has_negotiations': False,
'has_ransomnote': True,
'lastseen': '2026-04-28T09:26:17+00:00',
'locations': [{'available': True,
'fqdn': 'worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion',
'slug': 'https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/api/companies',
'title': '(no title)',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': True,
'locations': [{'available': True,
'fqdn': 'worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion',
'slug': 'https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/api/companies',
'title': '(no title)',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'ransomware_live_group': 'worldleaks',
'tools': {},
'url': 'https://www.ransomware.live/group/worldleaks',
'victims': 151,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/worldleaks',
'victims': 151,
'vulnerabilities': []}