The executable is actually a publicly available wiper script (credits to a GitHub repo from 2019) wrapped in a Crypter. It doesn't encrypt files to decrypt them later; it simply renames them with a .hydra extension and deletes the originals after 72 hours. If you pay the Bitcoin ransom, hydra_rus has no technical way to get your files back. They are relying on the victim panicking before checking the code.
In biology, the term "Hydra" has been used to describe a genus of small freshwater animals that have the ability to regenerate lost body parts. This has led to the use of the term "hydra" as a metaphor for any system or organization that has the ability to adapt and regenerate in response to challenges.
hydra_rus gained notoriety in late 2023 by claiming to have developed a new "HydraLocker" ransomware. We analyzed a sample obtained by a partner sandbox environment.
It implemented a rigorous "garant" (escrow) system and internal dispute resolution that made it surprisingly "reliable" for a criminal enterprise.