Avaddon Ransomware Shuts Down Its Operation And Releases Decryption Keys
BleepingComputer received an anonymous tip pretending to be from the FBI that contained a password and a link to a password-protected ZIP file.
This file claimed to be the “Decryption Keys Ransomware Avaddon,” and contained the three files shown below.
Ransom.Avaddon is sold to criminal affiliates as a Ransomware-as-a-Service (RaaS) strain. It has been around since 2019, and in June of 2020 it gained real traction due to a malspam campaign. Later it started promoting higher rates for its affiliates using adverts on networks and RDP. Avaddon ransomware encrypts files in offline mode using AES-256 + RSA-2048.
Using a test decryptor shared with BleepingComputer by Emsisoft, Lawrence Abrams, the owner of BleepingComputer.com, decrypted a virtual machine encrypted today with a recent sample of Avaddon.
In total, the threat actors sent us 2,934 decryption keys, where each key corresponds to a specific victim.
Emsisoft has released a free decryptor that all victims can use to recover their files.