According to Greek mythology, Hades is the land of the dead and the god who rules there.

Today, the word Hades is used in place of Hell.

Hades ransomware group is a new threat group, and at this time, it is too soon to determine their tactics and techniques used in attacks. But their ransom note is all too similar to REvil ransomware group. Hades is responsible for this recent cyberattack.

Forward Air, a Tennessee based trucking and freight logistics company, suffered a ransomware attack on Dec. 15.

The cyberattack compromised its computer systems, both operational and information technology. In response to the attack, Forward Air took all systems offline to avoid the spread, contacted law enforcement and initiated a partnership with a third-party cybersecurity professional.

As a result, Forward Air faced business disruption. Truck drivers were not able to access paperwork to release freight from customs. Therefore, Forward Air has lost revenue.

When Hades encrypts a victim, it releases a ransom note labeled, ‘HOW-TO-DECRYPT-[extension].txt’.

Hades hasn’t indicated how much they want from this attack. Hades isn’t unique. They, too, mimic other ransomware groups who encrypt data and attempt to steal it, demanding a ransom, and promising not to publish the data.

This is a developing story. At the time of publication, it is not known whether Forward Air paid or has intentions to pay the ransom. Forward Air’s website is currently unavailable. Attacks like this provide any spectators with the lens to see ransomware attacks affect businesses of any industry and can have a lasting impact.

SpearTip is constantly watching for new malware and manipulative programs. Our 24/7 Security Operations Center (SOC) is fully staffed with cybersecurity professionals to monitor and protect your environment. Not only are our cybersecurity teammates continuously preventing cyberattacks, but also able to deploy our proprietary tool, ShadowSpear® in an environment before or after an attack.