New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
Aug. 12, 2025, 3:49 p.m.
Description
A new ransomware family called Charon has been identified, targeting the Middle East's public sector and aviation industry. The attack employs sophisticated APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities. Charon uses a multistage payload extraction technique and a hybrid cryptographic scheme that combines Curve25519 with the ChaCha20 cipher. The ransomware exhibits network propagation capabilities and includes a dormant anti-EDR component. The campaign demonstrates a concerning trend of ransomware operators adopting APT-level techniques, which poses an elevated risk to organizations. Defending against Charon requires a multilayered approach, including hardening against DLL sideloading, limiting lateral movement, strengthening backup capabilities, and reinforcing user awareness.
Date
- Created: Aug. 12, 2025, 11:37 a.m.
- Published: Aug. 12, 2025, 11:37 a.m.
- Modified: Aug. 12, 2025, 3:49 p.m.
Additional Information
- Aerospace
- Government