What’s new: A new ransomware family named Charon has been discovered targeting the public sector and aviation industry in the Middle East. The threat actor employs advanced evasion tactics similar to those used by APT groups, including DLL side-loading and process injection. Charon can terminate security services and delete backups, and it uses a driver from the open-source Dark-Kill project to disable EDR solutions. The campaign appears to be targeted, as evidenced by customized ransom notes that name specific organizations.
Who’s affected
Organizations in the public sector and aviation industry in the Middle East are currently at risk from the Charon ransomware attacks.
What to do
- Implement robust endpoint detection and response (EDR) solutions to monitor for suspicious activities.
- Regularly back up data and ensure backups are stored securely and are not accessible from the network.
- Educate employees about phishing and social engineering tactics that may lead to initial access.
- Review and update incident response plans to include scenarios involving sophisticated ransomware attacks.