
Cybercrime, Hades is the latest Evil Corp ransomware

Hades is the latest Evil Corp ransomware. The cybersecurity experts: it is an evolution of the WastedLocker malware. The group (aka INDRIK SPIDER), known for Dridex, is trying to bypass US sanctions.

Hades is the latest ransomware created by Evil Corp to bypass US sanctions. It was reported by Bleeping Computer cybersecurity experts. The cybercrime gang (aka INDRIK SPIDER), known for distributing Dridex, started having problems receiving ransoms after the U.S. Treasury sanctioned its members. Victims who pay the ransoms, in fact, violate the law and risk being prosecuted by the authorities. So the criminal hackers first developed and spread the WastedLocker ransomware. Then they moved to Hades. It is a 64-bit compiled variant of the previous malware, upgraded with additional code obfuscation and a few minor feature changes. Furthermore, when encrypting a victim’s systems, it creates the ransom note “HOW-TO-DECRYPT-[extension].txt”, which resembles the ones dropped by REvil. The note contains a URL to a Tor site with information about the attack and a Tox messenger address for contacting the operators.
