Day 19: Hades Ransomware

Common Attack Vectors

  • SocGholish malware disguised as a fake Chrome update
  • VPN (Virtual Private Network) access protected only by single-factor authentication
  • Remote Desktop Protocol (RDP)

Vulnerabilities Exploited

  • ProxyLogon, the Microsoft Exchange Server vulnerability chain (CVE-2021-26855 and the bugs chained with it), used to gain a foothold on internet-facing Exchange servers

Industries Targeted Frequently

Manufacturing

Threat actors target manufacturing facilities to disrupt product distribution.

Insurance

Threat actors target insurance companies to steal clients' names, personally identifiable information and other sensitive information.

Enterprises

Threat actors target enterprises, stealing sensitive data, encrypting network files and demanding ransoms.

Recent Activity

Forward Air, a trucking and freight logistics company, was breached by Hades ransomware, impacting the company’s operations and shutting down its systems.

The Hades name also belongs to a separate, unrelated threat group that used the Olympic Destroyer wiper against the 2018 Winter Olympics in South Korea. Olympic Destroyer predates Hades ransomware (first observed in late 2020) and is not a variant of it; the shared name is a naming collision, not a link between the two operations.

Common File Extensions

A five-character, randomly generated string, unique to each victim, appended to every encrypted file as its new extension
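A quick triage check for the extension behaviour above, as an added example (not SpearTip's code and not the ransomware's): it groups files by a trailing five-character extension and only raises a finding when many files share the same one and their contents look encrypted (near-maximal byte entropy). The character class, the thresholds and the sample file listing are assumptions made for the demo; the profile only says the extension is five random characters.

```python
"""Triage a file listing for Hades-style mass encryption.

Added example, not part of the original profile. Assumes only that encrypted
files carry a five-character, randomly generated extension appended after the
original one (e.g. "q3.xlsx.k9f2q"; the name is constructed for the demo).
"""
import math
import os
import re
from collections import Counter, defaultdict

# Original extension kept, random five-character suffix appended.
# The [A-Za-z0-9] class is an assumption; the profile only says "five random characters".
RANDOM_EXT = re.compile(r"^(?P<stem>.+\.[A-Za-z0-9]{1,5})\.(?P<ext>[A-Za-z0-9]{5})$")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Encrypted or compressed data approaches 8.0; text sits far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess_listing(entries, min_files=10, min_entropy=7.5):
    """entries: iterable of (path, first_bytes_of_file).

    Returns {extension: file_count} for every five-character suffix shared by at
    least min_files files whose average entropy is at or above min_entropy. A lone
    "db.sql.bak01" or a plaintext file with an odd name is not enough to trigger it.
    """
    by_ext = defaultdict(list)
    for path, head in entries:
        m = RANDOM_EXT.match(os.path.basename(path))
        if m:
            by_ext[m.group("ext").lower()].append(shannon_entropy(head))
    return {
        ext: len(ents)
        for ext, ents in by_ext.items()
        if len(ents) >= min_files and sum(ents) / len(ents) >= min_entropy
    }


def scan_directory(root, head_bytes=4096):
    """Walk a real tree and yield (path, first head_bytes) for assess_listing."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    yield path, fh.read(head_bytes)
            except OSError:
                continue


# Constructed sample data: a uniform byte distribution has entropy exactly 8.0,
# which stands in for ciphertext; repeated text stands in for untouched files.
ENCRYPTED_HEAD = bytes(range(256)) * 16
PLAIN_HEAD = b"Quarterly figures attached.\r\n" * 50


def demo_listing():
    encrypted = [(f"share/finance/q{i}.xlsx.k9f2q", ENCRYPTED_HEAD) for i in range(12)]
    untouched = [
        ("share/finance/readme.txt", PLAIN_HEAD),
        ("share/tools/app.class", PLAIN_HEAD),      # legitimate 5-char extension, no double suffix
        ("share/backup/db.sql.bak01", PLAIN_HEAD),  # matches the pattern once, low entropy
    ]
    return encrypted + untouched


if __name__ == "__main__":
    print(assess_listing(demo_listing()))  # {'k9f2q': 12}
```

Point it at a file share with assess_listing(scan_directory(r"\\fs01\share")) during incident scoping; the entropy gate is what keeps backup and versioning conventions with five-character suffixes from lighting up.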

Known Alias

  • WastedLocker (Hades is assessed to be a rebuilt 64-bit successor to the WastedLocker family, so the two are closely related families rather than a straight rename)

How Hades Ransomware is Distributed

Hades operators gain initial access through exposed Remote Desktop Protocol services or VPN gateways, logging in with legitimate credentials they have harvested; accounts without multi-factor authentication are the easiest targets. Once inside, they escalate privileges by manually trying the credentials they have collected against additional hosts and services, and they evade detection by disabling antivirus and other security tooling. They then exfiltrate data to attacker-controlled infrastructure before encrypting files across the victim's network, the double-extortion pattern: the stolen data is held as leverage on top of the encryption. Finally, the ransom note left on encrypted hosts instructs the victim to install the Tor Browser, open a specific .onion URL, and follow the instructions there to pay for a decryptor.
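The chain above (remote logon with valid credentials, security tooling disabled, then mass renaming to one random extension) is worth detecting as a sequence rather than as three independent alerts, because each step alone is noisy. The correlation below is an added example, not SpearTip's or the ransomware's code: the event schema, the service names, the 24-hour window, the rename threshold and the sample events are all constructed for the demo and must be mapped onto your own EDR or SIEM fields.

```python
"""Correlate the Hades intrusion chain across per-host telemetry.

Added example, not part of the original profile. Event dicts carry ts (ISO 8601),
host, kind and kind-specific fields; the field names are assumptions.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)          # assumption: how long after the logon we keep correlating
MIN_RENAMES = 10                      # assumption: renames to one new suffix before calling it encryption
SECURITY_SERVICES = {"WinDefend", "Sense"}   # assumption: services whose stop we treat as AV tampering
RDP_LOGON_TYPE = 10                   # Windows logon type 10 = RemoteInteractive (RDP)
RANDOM_EXT = re.compile(r"\.[A-Za-z0-9]{5}$")

# RFC 1918 space is treated as internal. The stdlib's is_global would also exclude
# documentation ranges such as the sample 203.0.113.7, so the check is explicit.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(events):
    """Return {host: [stages reached, in order]} for hosts where an external RDP
    logon is followed, within WINDOW, by at least one further stage."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append({**ev, "ts": datetime.fromisoformat(ev["ts"])})

    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        start, stages, renames = None, [], Counter()
        for ev in evs:
            if ev["kind"] == "logon" and ev.get("logon_type") == RDP_LOGON_TYPE and is_external(ev["src_ip"]):
                if start is None:
                    start = ev["ts"]
                    stages.append("external_rdp_logon")
                continue
            if start is None or ev["ts"] - start > WINDOW:
                continue  # nothing to correlate with yet, or the window has closed
            if ev["kind"] == "service_stopped" and ev["service"] in SECURITY_SERVICES:
                if "security_service_stopped" not in stages:
                    stages.append("security_service_stopped")
            elif ev["kind"] == "file_rename":
                m = RANDOM_EXT.search(ev["new_name"])
                if m and not RANDOM_EXT.search(ev["old_name"]):
                    ext = m.group(0).lower()
                    renames[ext] += 1
                    if renames[ext] == MIN_RENAMES and "mass_encryption" not in stages:
                        stages.append("mass_encryption")
        if len(stages) >= 2:
            findings[host] = stages
    return findings


def sample_events():
    """Constructed telemetry: FS01 shows the full chain, WS07 only an internal RDP logon."""
    day = "2021-03-10T"
    evs = [
        {"ts": day + "02:14:00", "host": "FS01", "kind": "logon", "logon_type": 10,
         "user": "svc_backup", "src_ip": "203.0.113.7"},
        {"ts": day + "02:31:00", "host": "FS01", "kind": "service_stopped", "service": "WinDefend"},
        {"ts": day + "09:00:00", "host": "WS07", "kind": "logon", "logon_type": 10,
         "user": "jdoe", "src_ip": "10.20.1.15"},
        {"ts": day + "09:05:00", "host": "WS07", "kind": "service_stopped", "service": "WinDefend"},
    ]
    for i in range(12):
        evs.append({"ts": day + f"03:{i:02d}:00", "host": "FS01", "kind": "file_rename",
                    "old_name": rf"D:\share\q{i}.xlsx", "new_name": rf"D:\share\q{i}.xlsx.k9f2q"})
    return evs


if __name__ == "__main__":
    print(correlate(sample_events()))
```

The stage list is the useful output: a host that reaches only external_rdp_logon plus security_service_stopped is still early enough in the chain to isolate before the encryption stage fires.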

ShadowSpear

SpearTip’s ShadowSpear platform defends your environment with unparalleled resources preventing cybersecurity threats and attacks from affecting your business. ShadowSpear integrates with cloud, network and endpoint devices providing security. ShadowSpear prevents ransomware from exploiting memory, stopping the threat before the full attack cycle. The ShadowSpear Platform is backed by the engineers in our 24/7 Security Operations Centers, ready to assist partners with security issues immediately.