A group of unknown financially motivated threats is using the self-proclaimed Hades ransomware variant in cybercrime operations that have affected at least three victims since December 2020. This group of cybercriminals appears to be demanding of their targets and primarily persecutes organizations with a focus on manufacturing, especially those in the automotive supply chain, as well as those with insulation products.
The locations of the attack were slightly dispersed as each of the companies was global in their operational footprints, although these organizations were affected in multiple geographies, it is understood that the ransomware attack was focused on Canada, Germany, Luxembourg, Mexico. and the United States.
Hades set of tools and approaches include several that are often used by spy-related threat actors – for example, the researchers said the group leveraged valid accounts in all victim settings, including accounts from service and privilege administrator accounts used by the threat actor.
It is thought that the group behind Hades searched local databases and file systems to find files of interest and confidential data prior to the exfiltration and also searched and collected data from shared networks on remote systems. Common targets for this were accessible shared directories on file servers.
The main industries affected by this threat would be:
▸Transport company
▸Consumer Products Company
▸Manufacturing and distribution company
Check also:
DoppelPaymer – Ransomware targeting industries
Netwalker Ransomware that uses the fear on Covid
[…] check:Hades ransomware targetting businessesDoppelPaymer – Ransomware targeting industriesZeppelin Ransomware targetting large […]