SentinelOne VS Hades Ransomware – Prevention
Hades is sometimes referred to as Phoenix Locker. Hades and Phoenix, in this context, are considered to be the same threat.
Hades is believed to be developed by the Evil Corp group and is related to Payload.bin and WastedLocker.
Prolific threat actors have launched many Hades ransomware campaigns against high-value targets since at least December 2020.
Operators behind Hades are often hands-on with delivering and managing the malware within their targets.
Like other popular ransomware families, Hades attempts to disable or otherwise compromise system recovery options, including deleting Volume Shadow Copies.
Actors behind these campaigns have leveraged RDP and VPN flaws or stolen credentials to gain initial access; however, these are not the only possible entry vectors.
Hades is a 64-bit compiled version of WastedLocker and shares significant code and functionality with it. In March 2021, a new variant called ‘Phoenix Locker’ appeared in the wild. Analysis suggests this is a rebranded version of Hades with little to no changes.
Hades employs a UAC bypass taken from the UACMe project. Unlike other Evil Corp outputs, Hades does not use Alternate Data Streams (ADS) during its execution. In addition, Hades stores key information in each encrypted file, whereas WastedLocker and BitPaymer store key information inside the ransom note.
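The recovery-inhibition behaviour described above (disabling recovery options and deleting Volume Shadow Copies) leaves a distinctive trace in process-creation telemetry. The following detection logic is an added example, not SentinelOne's own code; it runs over constructed sample events in a hypothetical `host|user|parent_image|command_line` format and flags the well-known recovery-inhibition command lines catalogued under MITRE ATT&CK T1490.

```python
import re
from typing import Dict, List

# Constructed sample process-creation events (not real telemetry), one per line:
# host|user|parent_image|command_line
SAMPLE_EVENTS = """\
WS01|corp\\alice|C:\\Windows\\explorer.exe|"C:\\Windows\\System32\\notepad.exe" notes.txt
WS01|corp\\svc_backup|C:\\Windows\\System32\\cmd.exe|vssadmin.exe delete shadows /all /quiet
WS02|corp\\bob|C:\\Windows\\System32\\cmd.exe|wmic shadowcopy delete
WS02|corp\\bob|C:\\Windows\\System32\\cmd.exe|bcdedit /set {default} recoveryenabled no
SRV01|NT AUTHORITY\\SYSTEM|C:\\Windows\\System32\\svchost.exe|wbadmin delete catalog -quiet
SRV01|corp\\carol|C:\\Windows\\System32\\cmd.exe|vssadmin list shadows
"""

# Command-line patterns for "Inhibit System Recovery" (T1490). Case-insensitive and
# whitespace-tolerant so small argument variations still match. Enumerating or
# listing shadow copies is benign admin activity and is deliberately not matched.
RECOVERY_INHIBIT_PATTERNS: Dict[str, re.Pattern] = {
    "vssadmin_delete_shadows": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "vssadmin_resize_storage": re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    "wmic_shadowcopy_delete": re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "bcdedit_recovery_disabled": re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
    "bcdedit_ignore_failures": re.compile(r"bcdedit(\.exe)?.*bootstatuspolicy\s+ignoreallfailures", re.I),
    "wbadmin_delete_catalog": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
}


def detect_recovery_inhibition(log_text: str) -> List[Dict[str, str]]:
    """Return one hit per event whose command line matches a T1490 pattern."""
    hits: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        host, user, parent, cmd = raw.split("|", 3)
        for rule, pattern in RECOVERY_INHIBIT_PATTERNS.items():
            if pattern.search(cmd):
                hits.append({"host": host, "user": user, "parent": parent,
                             "rule": rule, "command_line": cmd})
                break  # one rule per event is enough to raise an alert
    return hits


if __name__ == "__main__":
    for hit in detect_recovery_inhibition(SAMPLE_EVENTS):
        print(f"[{hit['rule']}] {hit['host']} {hit['user']} <- {hit['parent']}: {hit['command_line']}")
```

In a real deployment these rules would be tuned against backup-agent and administrator activity on the estate, and a hit should be correlated with the parent process and user context rather than treated as a standalone verdict.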