Operators behind the Avaddon ransomware have closed down their operation and released over 2,000 decryption keys for their victims.
The news site BleepingComputer said it received “an anonymous tip pretending to be from the FBI that contained a password and a link to a password-protected ZIP file.” The file, named "Decryption Keys Ransomware Avaddon", contained 2,934 decryption keys, each corresponding to a specific victim.
BleepingComputer shared the file with researchers at Emsisoft, who analyzed the keys and confirmed they were legitimate. The company also released a free decryptor that allows victims to recover their files.
In May, the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) issued alerts warning of the Avaddon ransomware campaign targeting organizations in a variety of sectors across the world. The targeted sectors included government, finance, law enforcement, energy, information technology, health, freight and transport, manufacturing, retail and airlines.
Currently, all of Avaddon's Tor sites are inaccessible, according to BleepingComputer. It’s unclear why the ransomware operators have shut down their operation so suddenly. According to experts, over the last few days the Avaddon group has tried hard to finalize ransom payments from existing unpaid victims, pressuring them to pay and accepting counteroffers without bargaining. The reason for this may be the increased pressure and scrutiny by law enforcement and governments around the globe after recent attacks against Colonial Pipeline and JBS.