Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics

What’s new: A new ransomware family named Charon has been discovered targeting the public sector and aviation industry in the Middle East. The threat actor employs advanced evasion tactics similar to those used by APT groups, including DLL side-loading and process injection. Charon can terminate security services and delete backups, and it uses a driver from the open-source Dark-Kill project to disable endpoint detection and response (EDR) solutions. The campaign appears to be targeted, as evidenced by customized ransom notes directed at specific organizations.

Who’s affected

The Charon ransomware campaign primarily targets organizations within the public sector and aviation industry in the Middle East.

What to do

  • Implement robust endpoint detection and response solutions to identify and mitigate advanced threats.
  • Regularly back up data and ensure backups are stored securely and are not accessible from the network.
  • Monitor for unusual process activity and employ threat intelligence to stay informed about emerging ransomware tactics.
  • Educate employees on recognizing phishing attempts and suspicious activities that could lead to initial access.
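
One way to act on the process-monitoring advice above is to correlate the behaviours this brief names (security service termination, backup deletion, kernel driver installation) per host within a short window. This is an added example, not code from the original report; the command-line patterns, host names, window and threshold are assumptions for illustration and are not Charon indicators.

```python
import re
from datetime import datetime, timedelta

# Behaviours named in the brief, matched on process command lines.
# The patterns are common Windows examples (assumptions), not Charon indicators.
RULES = {
    "backup_deletion": re.compile(
        r"\bvssadmin(\.exe)?\s+delete\s+shadows|\bwmic(\.exe)?\s+shadowcopy\s+delete"
        r"|\bwbadmin(\.exe)?\s+delete\s+(catalog|backup)", re.I),
    "service_stop": re.compile(
        r"\bsc(\.exe)?\s+(stop|delete)\b|\bnet1?(\.exe)?\s+stop\b|\bStop-Service\b", re.I),
    "kernel_driver_install": re.compile(
        r"\bsc(\.exe)?\s+create\s+.*\btype=\s*kernel\b", re.I),
}

def classify(cmdline):
    """Return the set of behaviour names whose pattern matches this command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def correlate(events, window=timedelta(minutes=10), threshold=2):
    """Alert on hosts showing >= threshold distinct behaviours inside one window."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        for name in classify(ev["cmdline"]):
            hits.setdefault(ev["host"], []).append((ev["time"], name))
    alerts = {}
    for host, seen in hits.items():
        for i, (start, _) in enumerate(seen):
            kinds = {n for t, n in seen[i:] if t - start <= window}
            if len(kinds) >= threshold:
                alerts[host] = sorted(kinds)
                break
    return alerts

T0 = datetime(2025, 1, 1, 2, 0)  # constructed timestamp
SAMPLE_EVENTS = [  # constructed process-creation events; hosts and names are made up
    {"host": "srv-01", "time": T0,
     "cmdline": r"sc.exe create ExampleDrv binPath= C:\Temp\example.sys type= kernel"},
    {"host": "srv-01", "time": T0 + timedelta(minutes=1),
     "cmdline": "net stop ExampleAvService /y"},
    {"host": "srv-01", "time": T0 + timedelta(minutes=3),
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "wks-07", "time": T0, "cmdline": "net stop Spooler"},  # lone admin action
    {"host": "wks-07", "time": T0 + timedelta(hours=5), "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

A single service stop on its own stays quiet; the alert fires only when several of the behaviours cluster on one host, which keeps routine administration from drowning the signal.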
