“Charon represents the next generation of ransomware, blending the stealth, precision, and persistence we usually associate with state-sponsored APT campaigns,” said Jaspreet Bindra, co-founder at AI&Beyond. “Unlike conventional ransomware that simply encrypts files and demands payment, Charon works patiently and methodically. It slips in quietly, leverages trusted applications to hide its presence, disables security tools, and deliberately destroys backups before locking up data, leaving enterprises with few viable recovery paths.”
The ransom note was customized to include the victim organization’s name, underlining the targeted nature of the campaign rather than a broad, opportunistic attack, Trend Micro acknowledged.
“Charon ransomware demonstrates how APT-level techniques are now being leveraged in ransomware attacks, dramatically increasing the threat to critical sectors such as aviation, healthcare, BFSI, and public services. Plus, custom ransom notes tailored for each victim further raise the psychological pressure on targeted organizations,” said Amit Jaju, senior managing director – India at Ankura Consulting.
