Home Latest Cyber Security News | Network Security Hacking New Haron Ransomware Bears Striking Resemblance To Avaddon
Latest Cyber Security News | Network Security HackingNews

New Haron Ransomware Bears Striking Resemblance To Avaddon

by Abeerah Hashim
written by Abeerah Hashim

It hasn’t been long since the Avaddon ransomware gang went offline and released decryption keys. Now, a spin-off of it has surfaced online. Identified as Haron, the new ransomware bears a striking resemblance with Avaddon. It also exhibits similarities with Thanos ransomware, establishing itself as an amalgam of the two notorious ransomware.

Haron Ransomware Resembles Avaddon

Researchers from SW2 Lab have shared insights about the new Haron ransomware, hinting at the rebranding of Avaddon. Haron first caught attention in July 2021.

As elaborated in their Medium post, the new ransomware bears an uncanny resemblance to the (seemingly) now-defunct Avaddon ransomware.

Briefly, analyzing Haron revealed that it uses a similar (or the same) ransomware note like that of Avaddon. Also, the new ransomware operates its dark web leak site and negotiation site on Avaddon’s domain. The difference, however, is that Haron’s negotiation site requires a password for accessing it.

Moreover, the researchers also noticed similarities in the site’s interface and strings. The threat actors tweaked the newer site a bit by removing the icon in the chat option and changing the date format.

Haron ransomware and Avaddon

Source: SW2 Lab

Another difference is that Haron has set a 6-day negotiation deadline, unlike Avaddon that had 10 days.

As for the malware itself, Haron uses the now published Thanos ransomware.

Is Avaddon Back?

Although, the threat actors behind Haron have played smartly to disguise the re-emergence of Avaddon. However, the striking similarities of the two evidently hint at a rebranding.

However, the lack of specialized skills with Haron, the blatant use of the publicly available Thanos ransomware code, and the use of the open-source chat feature might also hint that the threat actors have exploited the remains of Avaddon to establish another ransomware.

Whatever the case is, users, particularly enterprises, must remain wary of cyberattacks, especially ransomware threats.

Recently, the DarkSide ransomware gang has also re-emerged as BlackMatter.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses