Articles Haron ransomware is similar to the well-known threats of...

Haron ransomware is similar to the well-known threats of Thanos and Avaddon


Analysts from the South Korean company S2W Labs have discovered a new operation of the ransomware Haron, and note the similarity of the ransomware with such well-known malware as Thanos and Avaddon (no longer active ).

The first samples of the ransomware were found in early July. Like the vast majority of modern ransomware, Haron attacks mainly companies and enterprises in order to maximize its profits, and also has its own data leak site, which publishes information stolen from victims if they refuse to pay to decrypt files.

Researchers at S2W Labs say that from a technical point of view, Haron is built on code copied from other ransomware. So, the researchers noticed the following “parallels”:

  • Haron uses the old Thanos ransomware builder to create binaries ;
  • The ransomware site, where victims are asked to negotiate and pay the ransom, is almost identical to Avaddon’s site (as is the site for leaking stolen data);
  • the ransom letter contains large snippets of text copied from a similar Avaddon note;
  • the Haron server contains icons and images that were previously found on the official Avaddon website.

What all these similarities are connected with is still unclear. The researchers believe that the Haron operators may have hired one of the former Avaddon members, but they clearly did not have access to the source code of the Avaddon ransomware.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you