Avaddon Ransomware Closure: Hackers Sent Over 2K Decryption Keys


The Avaddon ransomware group has announced its closure, saying it is shutting down operations and releasing thousands of decryption keys to victims for free. Avaddon has been one of the most notorious ransomware groups in 2021.

Lawrence Abrams of a renowned news outlet said that he was sent an anonymous email containing a link and password to a ZIP file named “Decryption Keys Ransomware Avaddon.”

The ZIP file contained decryption keys for 2,934 Avaddon ransomware victims. The number of keys revealed indicates that many organizations never disclosed the attacks. Previous reports had mentioned only 88 victims that had been crippled by the ransomware.

Lawrence Abrams worked with Fabian Wosar (Emsisoft chief technology officer) and Michael Gillespie of Coveware to verify the authenticity of the decryption keys.

Ransomware gangs behind high-profile attacks such as AES-NI, Shade, Crysis, Ziggy, and FilesLocker have also released their decryption keys at times and shut down for a variety of reasons. The Avaddon ransomware closure is another such example. In February, a Spanish student released a free Avaddon decryption tool. However, the ransomware gang became aware of it and quickly updated their code to make it foolproof again.

“This isn’t new and isn’t without precedence. Several ransomware threat actors have released the key database or master keys when they decide to shut down their operations,” Wosar told a news outlet. 

“Ultimately, the key database we obtained suggests that they had at least 2,934 victims. Given the average Avaddon ransom at about $600,000 and average payment rates for ransomware, you can probably come up with a decent estimate of how much Avaddon generated.”

Additionally, Wosar mentioned that the hackers behind the Avaddon ransomware had probably made enough money, which is why they announced the Avaddon ransomware closure.

As per Wosar, ransom negotiators have been noticing an urgency when dealing with Avaddon operators in recent weeks. Negotiators with the gang are caving “instantly to even the most meager counter offers during the past couple of days.”

“So this would suggest that this has been a planned shutdown and winding down of operations and didn’t surprise the people involved,” Wosar explained. 

“The Avaddon threat actors are also said to offer their victims 24/7 support and resources on purchasing Bitcoin, testing files for decryption, and other challenges that may hinder victims from paying the ransom,” the report said. 

“What’s interesting about this ransomware group is the design of its Dark Web blog site. They not only claim to provide full dumps of their victims’ documents, but they also feature a Countdown Clock, showing how much time each victim has left to pay. And to further twist their victims’ arms, they threaten to DDoS their website if they don’t agree to pay immediately.” 

Recorded Future’s data has shown that Avaddon accounted for approximately 24% of all ransomware incidents following the Colonial Pipeline attack in May. A report on the ransomware stated that Avaddon was first spotted in February 2019. Since then, it has operated under a ransomware-as-a-service (RaaS) model in which the developers offered affiliates a negotiable 65% of all ransoms.

Source: ZDNet
