Midas is a Ransomware-as-a-Service (RaaS) operation that first emerged in October 2021, evolving directly from the Haron RaaS and building upon the Thanos ransomware builder. This group's primary motivation is financial gain, achieved through a multi-extortion model that involves encrypting victim data and threatening to publicly leak stolen information if ransoms are not paid. A defining characteristic of Midas is its use of custom C# payloads that incorporate heavy obfuscation and often append the '.axxes' extension to encrypted files. The group maintains its own data leak site for exfiltrated victim data, a key component of its double extortion strategy. While sometimes confused with other variants due to its Thanos builder lineage, Midas has also been associated with the 'Axxes Ransomware Group', suggesting a potential rebranding or close operational tie.
MITRE Techniques
T1566.001, T1486, T1078.001, T1059.003, T1027
RansomLook pivots
Data, intelligence, and external references for cross-checking the actor's ransomware activity.
United Arab Emirates, Austria, Australia, Bangladesh, Belgium, Bermuda, Brazil, Canada, Switzerland, Chile
Target sectors (SOCRadar)
Other Information Services, Software Publishers, Real Estate, Accommodation, Air Transportation, Manufacturing, Construction, Public Administration, Oil & Gas, Educational Services