Haron Ransomware

Haron ransomware is relatively new, along with Blackmatter ransomware and AvosLocker it has been vying for the spot left by REvil Sodinokibi and Darkside and especially Evaddon ransomware which appears to be Haron’s direct predecessor.

The Haron group follows a “good manners” norm, they restrict attacks to specific sectors such as:

  • Hospitals;
  • Critical infrastructure facilities (nuclear plants, power plants, water treatment facilities);
  • Oil and gas industry (pipelines, oil refineries);
  • Defence industry;
  • Non-profit companies;
  • Government sector.

If any of these sectors are attacked, the group says it will give away the decryption key for free, this is the same mode of operation as the BlackMatter ransomware.

The group works with the RaaS tactic (Ransomware as a Service) which is the outsourcing of attacks. In numerous Darkweb forums the group appears selling their services in exchange for a commission on the ransom value.

Haron ransomware attacks are focused on the Windows operating system. Most antivirus software cannot identify the presence of the ransomware after the invasion because the ransomware is virtually unnoticeable.

Haron’s encryption is so powerful that even after removing the virus the data can remain encrypted. And if that happens the recovery of the encrypted data will be necessary.

Recover Data Encrypted by Haron Ransomware

The recovery of encrypted data can only be done by a highly qualified company that has the tools and technologies that are suitable for such a service. And, few companies are capable of doing this service

Among these few companies is Digital Recovery, which with more than two decades in the data recovery market. It was able to develop technologies that innovated the recovery of data encrypted by ransomware on any device, whether: RAID systems, Storage, Database, Servers, Virtual Machines and others. This ability to develop technologies has put us at the forefront of encrypted file recovery.

Because we know that we deal with data that can be sensitive for companies, we provide all our clients with the confidentiality agreement (NDA) as a guarantee that nothing about the process will be disclosed.

All our processes are in accordance with the General Law on Data Protection (GDPR).

During the entire process, the client is accompanied by a specialist who can clarify any questions about the process.

Contact us and see what we can do for your data.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionised digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery