“Avaddon” Gives Away Its Ransomware Decryption Keys for Free and Shuts Down Operation

  • “Avaddon” calls it a day by releasing decryption keys and shutting down its online portals.
  • The ransomware group may just change branding, as the shutdown looks suspiciously coordinated.
  • A decryptor has already been made available by Emsisoft, and it’s free to download and use.

Only yesterday, we informed you of Avaddon’s latest high-profile victim and the presence of signs of the DDoSing that typically accompanies the attacks of the particular ransomware group. A few hours after that, Avaddon dropped the decryption keys to BleepingComputer, in a message that pretended to be from the FBI and took its operation portals offline. The medium shared the files with specialists from Emsisoft and Coveware, and they confirmed the validity of the keys, which they used to release a working decryptor for all victims.

Avaddon has compromised thousands of firms and organizations, and BleepingComputer received a pretty large set of 2,934 decryption keys. This is one key for each victim, but the decryptor released by Emsisoft doesn’t need the insertion of the specific key. Just follow the step-by-step instructions provided here, and hopefully, you will get most of your files back.

As CEO of Coveware Bill Siegel stated, Avaddon has followed an abnormal approach in recent weeks, not engaging in notable pushback if negotiations didn’t go well. This is indicative of hasty operations and a sign of nervousness, and a preamble of an imminent shutdown. Possibly, the actors felt that the law enforcement authorities were closing in, so they feared being tracked down, identified, and arrested.

Another possibility is that Avaddon would like to rebrand, as they are now drawing too much attention as the most active (in terms of the number of attacks) RaaS operation. This is pretty likely because Avaddon didn’t post any messages to announce the shutdown and didn’t have any members going renegade and revealing info. This shutdown is too coordinated and “silent” to be the real end of operations for such a prolific group of actors.

This is yet another real-life example of why you should keep encrypted files stored and patiently wait for the release of a decryptor while you rebuild your systems from scratch. In most cases, sooner or later, one way or another, a decryptor will eventually land. Ransomware operations usually shut down after a short period of boom in their activities, which happens for various mutually supportive reasons. The next most active and troublesome ransomware group in the pipeline is Conti, which will now find itself in the spotlight.



Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari