Sportswear giant Nike has confirmed it is investigating a “potential cyber security incident” following claims by the World Leaks ransomware gang that it exfiltrated 1.4 terabytes of corporate data from the company.
The extortion group added Nike to its dark web leak site, claiming to have stolen nearly 190,000 files containing sensitive business operations data. In a notable development, World Leaks subsequently removed the Nike entry from its site—a move that typically indicates ongoing ransom negotiations or a potential payment.
World Leaks: A Dangerous Evolution
World Leaks represents a strategic rebrand of the notorious Hunters International ransomware operation. The group pivoted from traditional file encryption attacks to data theft and extortion-only tactics in January 2025, citing the increasing risks and diminishing profitability of conventional ransomware operations.
Hunters International itself emerged in late 2023 and was flagged as a possible rebrand of Hive ransomware due to significant code similarities. The group has claimed responsibility for over 280 attacks against high-profile targets.
A Track Record of Major Breaches
World Leaks has built an aggressive portfolio of victims, including:
- U.S. Marshals Service – A federal law enforcement agency
- Tata Technologies – Indian multinational tech giant
- Hoya Corporation – Japanese optics manufacturer (hit with a $10 million ransom demand)
- AutoCanada – Major North American automobile dealership
- Austal USA – U.S. Navy contractor
Technical Evolution: SonicWall Exploitation
In July, World Leaks affiliates were linked to the exploitation of end-of-life SonicWall SMA 100 devices to deploy the custom OVERSTEP rootkit, demonstrating the group’s sophisticated technical capabilities and its willingness to leverage legacy vulnerabilities.
Why This Matters
The Nike incident highlights a critical trend in the ransomware landscape: major criminal groups are abandoning encryption-based attacks in favor of pure data extortion. This shift makes attacks harder to detect, because there is no file-encryption activity to trigger alerts, and it creates significant legal and reputational exposure for victims.
For enterprise security teams, the key takeaway is that data exfiltration prevention and detection must be elevated to match traditional ransomware defenses. Organizations should assume that modern threat actors are focused on stealing data first—with encryption as an optional secondary tactic.
Source: BleepingComputer
