Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid.

The adversary appears mainly focused on enterprises, with some of the victims being multi-national organizations with more than $1 billion in annual revenues. The attacks mainly affected Canada, Germany, Luxembourg, Mexico, and the United States.