Haron Ransomware Description
The Haron Ransomware is a ransomware threat used in highly targeted operations. The threat is capable of affecting the files stored on compromised systems by encrypting them with a strong cryptographic algorithm. All locked files will become inaccessible and unusable. The hackers then demand to be paid a ransom, in exchange for the decryption key and software tool in their possession. As part of its targeted nature, the Haron Ransomware uses different file extensions to mark the files it encrypts, depending on the specific victim. The first entity infected by the threat was the CHADDAD Group leading to the encrypted files having '.chaddad' appended to their original names. Two identical ransom notes will be dropped on the Dekstop of the compromised device as files named 'RESTORE_FILES_INFO.txt' and 'RESTORE_FILES_INFO.hta.'
Haron Ransomware's Demands
The note of the threat reveals that the hackers have been able to obtain sensitive private data from the infected systems. If victims do not initiate contact within the first 3 days of the ransomware attack, information about the breach will be posted on the cybercriminals' dedicated leak site. After 7 days without contact, all of the data will be leaked to the public. To get additional payment details, victims are instructed to visit the site of the attackers accessible only via the TOR browser.
The full text of the ransom note is:
'-------=== Your network has been infected! ===-------
DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED
All your documents, photos, databases and other important files have been encrypted .
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news webs - and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
1.Download Tor browser - hxxps://www.torproject.org/
2.Install Tor browser
3.Open link in Tor browser -
4.Use login:- password: -
5.Follow the instructions on this page
- DO NOT TRY TO RECOVER FILES YOURSELF!*
- DO NOT MODIFY ENCRYPTED FILES!
- * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *