Hades: The Unseen One

Introduction

Hades ransomware has been active since December 2020, but little is publicly known about the threat group behind it. Attribution is contested: some researchers attribute Hades to the HAFNIUM threat group, others link it to the financially motivated GOLD DRAKE threat group because it has some similarities to that group's WastedLocker ransomware, and a third assessment, which the rest of this post follows, holds that a separate financially motivated threat group, GOLD WINTER, operates the Hades ransomware.

Ransomware groups are typically opportunistic, targeting whichever organizations are most susceptible to extortion and most likely to pay the ransom. GOLD WINTER, by contrast, has attacked a number of North American manufacturing organizations, which marks it as a "big game hunter" that deliberately goes after high-value targets.

Characteristics

Only a small number of organizations have been reported as victims of the Hades group, although there are probably more victims than have been publicly identified. The known victims cluster in a few industries: logistics providers, manufacturing, the automotive supply chain, and insulation products. Reported victims are located in Canada, the USA, Mexico, Germany, and a few other countries. This narrow targeting is comparatively unusual among ransomware operators.

The group's leak and drop sites are set up in a way that makes them likely to be taken down within a short span of time, and the methods behind them show little sophistication, which sets this actor apart from other ransomware operators. Rather than relying on a single site, the actor has used multiple leak sites and has kept a consistent Twitter account to broadcast its messages and name its victims.

Impact

The Hades group has been destructive in more than one incident. It is confirmed that on several occasions the actors ran commands such as "kill" against victims' backup storage systems to destroy them, so that nothing could be restored from backup. The impact of the encryption across the victims' Microsoft Windows environments is also severe: encryption spanning multiple domains, and several different versions of the encryption software, have been observed in Hades incidents.

Conclusion

Only a limited number of organizations attacked by the Hades ransomware group have been identified publicly. Even so, the available information about the group's targeting and tradecraft is sufficient to protect a network against its attacks and/or to mitigate their impact. In particular, because the group deliberately destroys backup storage before its encryption takes effect, keeping backups offline or otherwise immutable is essential to recovering from the kind of damage described above.