hades

1 incident, 0 countries, 0 sectors | ransomware | RU | Latest: 2026-06-25
Aliases: GOLD WINTER, Phoenix Locker, Hades Locker, WildFire Locker ransomware
Hades is a financially motivated ransomware group that emerged in December 2020 and is closely associated with the Russia-based cybercrime syndicate Evil Corp, also known as Indrik Spider. The group began using Hades ransomware as a successor to WastedLocker, another Evil Corp-developed ransomware, primarily to evade international sanctions imposed by the U.S. Treasury Department in December 2019. Hades is run as private, human-operated ransomware rather than under the Ransomware-as-a-Service (RaaS) model, which indicates a highly engaged, hands-on approach by its operators. The group distinguishes itself by meticulously selecting high-value targets, typically large organizations with annual revenues exceeding $1 billion, to maximize financial gain. Hades is also referred to by the alias "Phoenix Locker." Unique operational characteristics include the use of customized Tor victim sites and Tox instant messaging for direct communication, diverging from centralized leak sites, a
Associated malware
NetSupport, Donut, Dridex, SocGholish, Mimikatz
MITRE techniques
T1070.001, T1484.001, T1587, T1027, T1078.002, T1074

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Target countries (SOCRadar)

Argentina, Brazil, Canada, Germany, United Kingdom, Ireland, India, Luxembourg, Mexico, United States

Target sectors (SOCRadar)

Construction of Buildings, Food Manufacturing, Other Information Services, Monetary Authorities-Central Bank, Credit Unions, Rail Transportation, Software Publishers, Transportation Equipment Manufacturing, Enterprises & Holding, Accommodation

New URLs detected in IntelTracker

ransomware.anggipradana.com