Hoya

A recent cyberattack on Hoya Corporation was conducted by the 'Hunters International' ransomware operation, which demanded a $10 million ransom in exchange for a file decryptor and for not releasing files stolen during the attack.

Hoya is a Japanese company specializing in optical instruments, medical equipment, and electronic components. It operates 160 offices and subsidiaries in more than 30 countries and a network of 43 laboratories worldwide.

A week ago, the firm disclosed a cyberattack that impacted production and order processing, with several of its business divisions experiencing IT outages.

At the time, the firm said it was investigating the possibility of hackers having accessed or exfiltrated sensitive information from its systems but noted that it could take some time to determine if anything was stolen.

As first reported by LeMagIT, Hunters International demanded a $10 million ransom not to release an alleged 1.7 million stolen files, amounting to 2 TB of data. This ransom demand was also confirmed independently by BleepingComputer.

Ransom amount demanded by Hunters International
Source: LeMagIT

Currently, no files have been released on the Hunters International site and the threat actors haven't publicly claimed responsibility for the attack on Hoya.

LeMagIT has posted evidence in the form of screenshots from the ransomware operation's negotiation panel that victims use to negotiate a ransom payment.

However, the threat actors have applied a "No Negotiation / No Discount Policy" to Hoya, indicating that this is the only offer that will be accepted. It is unknown if this is just bluster by the ransomware gang or if they will refuse to accept any lower offer.

BleepingComputer has contacted Hoya asking for a comment on the recent developments, but we're still waiting for a response.

Meanwhile, the company has not provided any updates on the business status since April 4, 2024, so it is assumed that production remains impacted and remediation efforts are still underway.

Hunters International is a Ransomware-as-a-Service (RaaS) operation that emerged in mid-2023, whose encryptor shares code with the Hive ransomware operation, indicating a possible rebrand.

However, Hunters International denied any affiliation with the Hive operation, asserting that they acquired the software and website from the now-defunct ransomware entity.

Hunters International has since been observed targeting companies in all verticals, demanding ransoms that span from several hundred thousand to multiple millions of dollars.

The ransomware gang also has a very loose policy on who they attack, even attacking hospitals and targeting patients with extortion demands.
