Threat Actor Profile
Low
Cybercriminal
Description
According to PCrisk, Hades Locker is an updated version of WildFire Locker ransomware that infiltrates systems and encrypts a variety of data types using AES encryption. Hades Locker appends the names of encrypted files with the .~HL[5_random_characters] (first 5 characters of encryption password) extension.
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': None,
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'According to PCrisk, Hades Locker is an updated version of '
'WildFire Locker ransomware that infiltrates systems and '
'encrypts a variety of data types using AES encryption. Hades '
'Locker appends the names of encrypted files with the '
'.~HL[5_random_characters] (first 5 characters of encryption '
'password) extension.',
'firstseen': '2020-12-15T00:00:00+00:00',
'group': 'hades',
'has_negotiations': False,
'has_ransomnote': True,
'lastseen': '2020-12-15T00:00:00+00:00',
'locations': [{'available': False,
'fqdn': 'ixltdyumdlthrtgx.onion',
'slug': 'http://ixltdyumdlthrtgx.onion',
'title': '',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': True,
'locations': [{'available': False,
'fqdn': 'ixltdyumdlthrtgx.onion',
'slug': 'http://ixltdyumdlthrtgx.onion',
'title': '',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'ransomware_live_group': 'hades',
'tools': {},
'url': 'https://www.ransomware.live/group/hades',
'victims': 1,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/hades',
'victims': 1,
'vulnerabilities': []}