Avaddon Malware Operators Provided Data Decryption Keys

Operators of the ransomware Avaddon stopped their work and provided the Bleeping Computer with the keys to decrypt the victims’ data.

On the morning of June 11, 2021, journalists received an anonymous tip (allegedly from the FBI) on a password-protected ZIP file (Decryption Keys Ransomware Avaddon), as well as a password from it. The archive contained three files shown in the screenshot below.

Avaddon operators provided keys

After showing the received files to experts, namely to Fabian Vosar from Emsisoft and Michael Gillespie from Coveware, the journalists established that the decryption keys they received were legitimate.

In total, the attackers sent the publication 2,934 keys to decrypt data, each of which corresponds to a specific victim.

Emsisoft experts are already working on a free data decryption tool, which they promise to release within the next 24 hours or even earlier.

According to the updated information, the decryptor has already been published.

Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files. If your system was compromised through the Windows Remote Desktop feature, we also recommend changing all passwords of all users that are allowed to login remotely and check the local user accounts for additional accounts the attacker might have added.Emsisoft experts warn before using their decoder.

Avaddon launched in June 2020 with a phishing campaign that used a winking emoji.

Over time, Avaddon has grown into one of the largest ransomware operations ever, with the FBI and Australian law enforcement recently issuing guidelines related to the group.

All Avaddon sites are currently unavailable and it looks like the ransomware has stopped working. Moreover, according to journalists, in recent days, firms engaged in negotiations with extortionists have noted the insane rush of Avaddon operators, who were in a great hurry to complete all ransom payments. The hackers put pressure on the victims to pay as soon as possible, and the counter offers of the “negotiators” remained unanswered.

Most likely, the shutdown of Avaddon is due to the increased attention from law enforcement agencies and governments around the world, which are seriously interested in ransomware after the recent attacks on critical infrastructure and companies Colonial Pipeline and JBS.

Recent actions by law enforcement have made some attackers nervous and here is the result. One has dropped out, and hopefully others will soon follow.Emsisoft analyst Brett Callow commented to Bleeping Computer.

The publication notes that the publication of keys to decrypt data is not at all unprecedented. In the past, malware operators TeslaCrypt, Crysis, AES-NI, Shade, FilesLocker, Ziggy and FonixLocker have made public the keys.

Let me remind you that we also told that Experts have discovered an unknown malware that stole 1.2TB of confidential data.

Helga Smith

I was always interested in computer sciences, especially data security and the theme, which is called nowadays "data science", since my early teens. Before coming into the Virus Removal team as Editor-in-chief, I worked as a cybersecurity expert in several companies, including one of Amazon's contractors. Another experience: I have got is teaching in Arden and Reading universities.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button