Haron appeared in July 2021 as a ransomware-as-a-service operation heavily borrowing from the defunct Avaddon ransomware (copying ransom notes and leak site structure) and built on the Thanos ransomware builder, targeting enterprise organizations with a six-day negotiation window.
This group has 0 victims. The victim list API is currently responding slowly for this dataset. Country, sector, and infostealer breakdowns are not available at this time. Basic stats (victim count, first/last seen) are shown above from a faster data source.