14 June 2021

Avaddon ransomware group shuts down operation, releases decryption keys

Operators behind the Avaddon ransomware have closed down their operation and released over 2,000 decryption keys for their victims.

The news site BleepingComputer said it received “an anonymous tip pretending to be from the FBI that contained a password and a link to a password-protected ZIP file.” The file, named "Decryption Keys Ransomware Avaddon", contained 2,934 decryption keys, each corresponding to a specific victim.

BleepingComputer shared the file with researchers at Emsisoft, who analyzed the keys and confirmed they were legitimate. The company also released a free decryptor that allows victims to recover their files.

In May, the Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) issued alerts warning of the Avaddon ransomware campaign targeting organizations in a variety of sectors across the world. The targeted sectors included government, finance, law enforcement, energy, information technology, health, freight and transport, manufacturing, retail and airlines.

Currently, all of Avaddon's Tor sites are inaccessible, according to BleepingComputer. It’s unclear why the ransomware operators have shut down their operation so suddenly. According to experts, over the last few days the Avaddon group has tried hard to finalize ransom payments from existing unpaid victims, pressuring them to pay and accepting counter offers without bargaining. The reason for this may be the increased pressure and scrutiny by law enforcement and governments around the globe after recent attacks against Colonial Pipeline and JBS.
