Hades ransomware was discovered in targeted attacks against businesses and has been linked by many to the Hafnium group, a state-backed hacking group.
A typical Hades ransomware attack encrypts important files and appends a 5-character extension to the affected file names, for instance “.cm99v” or “.dvxr9”. Hades attacks also drop ransom notes titled “HOW-DECRYPT-[appended_extension].txt” with demands and instructions, as shown below:
To return the lost files and data, the Hades group demands a ransom payment and gives very specific instructions. However, it’s important to take a breath and think clearly before taking any action.
Before we cover what you should do if you experience this attack, let’s ensure you’re protected.
If you are a Carbon Black or CrowdStrike user, you are protected, as this is an out-of-the-box feature.
Carbon Black users: you can investigate this ransomware attack by running the following query: `((process_name:attrib.exe)) -enriched:true`
If you are not using one of those products, you might need to blacklist the File IDs below; whether that is necessary depends on the antivirus and other software you use.
If you’re not sure you are protected, feel free to reach out, and we can help you determine if your software has the right capabilities against this ransomware hack.
You will not be able to access important documents, as they will be encrypted and carry the 5-character extension on the file name.
To check if you’ve been affected by a Hades ransomware attack, simply search your system for files with the extensions “.cm99v” and “.dvxr9”.
If you find a Hades ransomware file in your system, it's important to take a moment and proceed carefully.
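A concrete way to run the extension search described above, as an added example that is not from the original post: it walks a directory tree, flags files ending in the two extensions named here, and also picks up any other five-character extension revealed by a HOW-DECRYPT-<ext>.txt note in the same tree (a generalisation of the two listed extensions). The exact note-name pattern and the sample directory it builds are assumptions/constructed for the demo.

```python
import os
import re
import tempfile
from pathlib import Path

# The two appended extensions the post names.
KNOWN_EXTENSIONS = {".cm99v", ".dvxr9"}
# Ransom note "HOW-DECRYPT-<ext>.txt"; the optional leading dot before the
# extension is an assumption, since the post does not show it.
NOTE_RE = re.compile(r"^HOW-DECRYPT-\.?([0-9a-z]{5})\.txt$", re.IGNORECASE)


def scan_for_hades(root):
    """Return ransom notes, likely-encrypted files and the set of suspect
    extensions found under `root`. Files are matched on their final suffix
    only, so 'notes.dvxr9.bak' is not flagged."""
    all_files = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
    notes = [p for p in all_files if NOTE_RE.match(os.path.basename(p))]
    # Extensions named inside ransom notes extend the known list, which
    # catches a variant using an extension the post does not mention.
    suspect = set(KNOWN_EXTENSIONS)
    for p in notes:
        suspect.add("." + NOTE_RE.match(os.path.basename(p)).group(1).lower())
    encrypted = [p for p in all_files if Path(p).suffix.lower() in suspect]
    return {"notes": sorted(notes), "encrypted": sorted(encrypted),
            "extensions": suspect}


def build_sample_tree():
    """Create a constructed directory that mimics an infection: encrypted
    documents, two ransom notes (one with an extension not in the known
    list), and clean files that must not be flagged."""
    root = tempfile.mkdtemp(prefix="hades_demo_")
    for rel in ("Finance/q4.xlsx.cm99v", "Finance/budget.docx.cm99v",
                "Finance/HOW-DECRYPT-cm99v.txt", "HR/payroll.pdf.ab12c",
                "HR/HOW-DECRYPT-ab12c.txt", "readme.txt", "notes.dvxr9.bak"):
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed sample content\n")
    return root


if __name__ == "__main__":
    result = scan_for_hades(build_sample_tree())
    print(f"suspect extensions: {sorted(result['extensions'])}")
    print(f"ransom notes: {len(result['notes'])}, "
          f"encrypted files: {len(result['encrypted'])}")
```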