Operators of the ransomware Avaddon stopped their work and provided the Bleeping Computer with the keys to decrypt the victims’ data.On the morning of June 11, 2021, journalists received an anonymous tip (allegedly from the FBI) on a password-protected ZIP file (Decryption Keys Ransomware Avaddon), as well as a password from it. The archive contained three files shown in the screenshot below.
After showing the received files to experts, namely to Fabian Vosar from Emsisoft and Michael Gillespie from Coveware, the journalists established that the decryption keys they received were legitimate.
In total, the attackers sent the publication 2,934 keys to decrypt data, each of which corresponds to a specific victim.
Emsisoft experts are already working on a free data decryption tool, which they promise to release within the next 24 hours or even earlier.
According to the updated information, the decryptor has already been published.
Avaddon launched in June 2020 with a phishing campaign that used a winking emoji.
Over time, Avaddon has grown into one of the largest ransomware operations ever, with the FBI and Australian law enforcement recently issuing guidelines related to the group.
All Avaddon sites are currently unavailable and it looks like the ransomware has stopped working. Moreover, according to journalists, in recent days, firms engaged in negotiations with extortionists have noted the insane rush of Avaddon operators, who were in a great hurry to complete all ransom payments. The hackers put pressure on the victims to pay as soon as possible, and the counter offers of the “negotiators” remained unanswered.
Most likely, the shutdown of Avaddon is due to the increased attention from law enforcement agencies and governments around the world, which are seriously interested in ransomware after the recent attacks on critical infrastructure and companies Colonial Pipeline and JBS.
The publication notes that the publication of keys to decrypt data is not at all unprecedented. In the past, malware operators TeslaCrypt, Crysis, AES-NI, Shade, FilesLocker, Ziggy and FonixLocker have made public the keys.
Let me remind you that we also told that Experts have discovered an unknown malware that stole 1.2TB of confidential data.