Gold Winter Cybercrime Group


The Hades Ransomware has been one of the mysterious threats of 2021 – it first popped up in December 2020, and it quickly made headlines because of the ludicrous amounts it requested from its victims. Typically, companies attacked by the Hades Ransomware were asked to pay between $5 million and $10 million. As you can probably guess, a ransomware gang with such demands was not going after regular users – the Hades Ransomware focused on large enterprises. Some of the notorious victims of this ransomware campaign were US-based companies belonging to the transportation and logistics industry, as well as a global manufacturing company.

The criminals behind the Hades Ransomware have now been recognized as a group by cybersecurity experts – the Gold Winter Cybercrime Group. Unfortunately, there is not enough information about the group yet, but its infrastructure appears to hint that its members might be based in Russia. Of course, the group is financially motivated, and it is likely that it will continue to rely on ransomware threats in the future.

Just like other modern ransomware gangs, the Gold Winter hackers also publish the names of their victims on the Internet and threaten to leak their data if they do not pay. However, they do not use a single website for this – instead, every victim has a designated page that will be used to leak data if the victim does not agree to pay. This way, even if some of Gold Winter's infrastructure is taken down, their campaign will continue.

Of course, Gold Winter Cybercrime Group's implants are not decryptable via free utilities – the ransomware uses a nearly flawless file-locking mechanism. The only reliable way to recover the locked files is through a backup – paying the ransom fee is never a guarantee that you will get a decryptor. Unfortunately, the Hades Ransomware has already been delivered in different variations such as the PayloadBIN Ransomware.