The infamous Avaddon ransomware has seemingly shut down after abruptly releasing its decryption keys. The gang hasn’t specifically announced any departure yet, but the voluntary release of over 2900 keys hints at it.
Avaddon Ransomware Shut Down
Bleeping Computer recently reported the shutdown of the Avaddon ransomware after it received decryption keys from the attackers.
As revealed, the media site received an anonymous tip whose sender impersonated the FBI. It included a password-protected ZIP file containing the decryption keys for the Avaddon ransomware. Bleeping Computer was able to verify that the decryption keys were legitimate.
The file included a total of 2934 decryption keys, each unique to a victim.
It remains unclear whether the ransomware gang has shut down for good or will undergo an overhaul; either possibility may convince threat actors to release decryption keys.
Nonetheless, given the growing attention from law enforcement, which even led to the seizure of the Darkside ransomware gang, Avaddon may well have quit.
Recently, the FBI and the Australian Cyber Security Centre (ACSC) also issued warnings about Avaddon attacks. At that time, the gang was active in the wild, targeting various firms, including the French company Acer Finance.
However, following the Colonial Pipeline and JBS Foods incidents, law enforcement started a harsh crackdown on ransomware threat actors. So the gang may have appeared on the radar of law enforcement agencies (LEAs), which eventually made it go underground.
The ransomware began attracting attention in June 2020, when it started active operations. The malware primarily reached victims via phishing emails. The attackers would then make high ransom demands of the victims.
While the operators initially had no specific limitations on target sectors, Avaddon recently announced some changes. Specifically, after cybercrime forums started banning ransomware discussions, Avaddon announced that it would not target education, healthcare, or social infrastructure.
However, it now seems to have walked away due to extensive government scrutiny of ransomware infrastructure.
On a side note, Emsisoft has released a free Avaddon decryptor on its website. Ransomware victims may therefore use this decryptor to recover their data (instead of using the attackers’ decryptors, which might be malicious).