Articles Avaddon malware operators publish data decryption keys

Avaddon malware operators publish data decryption keys


Operators of the ransomware Avaddon stopped working and provided the Bleeping Computer with the keys to decrypt the victims’ data.

On the morning of June 11, 2021, journalists received an anonymous tip (allegedly from the FBI) ​​on a password-protected ZIP file (Decryption Keys Ransomware Avaddon), as well as a password from it. The archive contained three files shown in the screenshot below.

After showing the received files to experts, Fabian Vosar from Emsisoft and Michael Gillespie from Coveware, the journalists established that the decryption keys they received were legitimate.

In total, the attackers sent the publication 2,934 keys to decrypt data, each of which corresponds to a specific victim. Emsisoft experts are already working on a free data decryption tool, which they promise to release within the next 24 hours or even earlier ( UPD : decryptor published ).

All Avaddon sites are currently unavailable and it looks like the ransomware has stopped working. Moreover, according to journalists, in recent days, firms engaged in negotiations with extortionists have noted the insane rush of Avaddon operators, who were in a great hurry to complete all ransom payments. The hackers pressured the victims to pay as quickly as possible, and the counter offers of the “negotiators” remained unanswered.

Most likely, the shutdown of Avaddon is due to increased attention from law enforcement agencies and governments around the world, which are seriously interested in ransomware after the recent attacks on critical infrastructure and companies Colonial Pipeline  and  JBS .

“Recent actions by law enforcement have made some attackers nervous and here is the result. One has dropped out, and hopefully others will soon follow, ”Emsisoft analyst Brett Callow commented to Bleeping Computer.

The publication notes that the publication of keys to decrypt data is not at all unprecedented. In the past, malware operators TeslaCrypt, Crysis, AES-NI, Shade, FilesLocker, Ziggy, and FonixLocker have released the keys.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you