“Avaddon” Gives Away Its Ransomware Decryption Keys for Free and Shuts Down Operation

  • “Avaddon” calls it a day by releasing decryption keys and shutting down its online portals.
  • The ransomware group may just change branding, as the shutdown looks suspiciously coordinated.
  • A decryptor has already been made available by Emsisoft, and it’s free to download and use.

Only yesterday, we informed you of Avaddon’s latest high-profile victim and of signs of the DDoS activity that typically accompanies this ransomware group’s attacks. A few hours after that, Avaddon sent the decryption keys to BleepingComputer in a message that pretended to be from the FBI, and took its operation portals offline. The outlet shared the files with specialists from Emsisoft and Coveware, who confirmed the validity of the keys and used them to release a working decryptor for all victims.

Avaddon has compromised thousands of firms and organizations, and BleepingComputer received a pretty large set of 2,934 decryption keys. This is one key for each victim, but the decryptor released by Emsisoft doesn’t require you to enter your specific key. Just follow the step-by-step instructions provided here, and hopefully, you will get most of your files back.

As Coveware CEO Bill Siegel stated, Avaddon has followed an abnormal approach in recent weeks, not engaging in notable pushback if negotiations didn’t go well. This is indicative of hasty operations, a sign of nervousness, and a prelude to an imminent shutdown. Possibly, the actors felt that the law enforcement authorities were closing in, so they feared being tracked down, identified, and arrested.

Another possibility is that Avaddon would like to rebrand, as they are now drawing too much attention as the most active (in terms of the number of attacks) RaaS operation. This is pretty likely because Avaddon didn’t post any messages to announce the shutdown and didn’t have any members going renegade and revealing info. This shutdown is too coordinated and “silent” to be the real end of operations for such a prolific group of actors.

This is yet another real-life example of why you should keep encrypted files stored and patiently wait for the release of a decryptor while you rebuild your systems from scratch. In most cases, sooner or later, one way or another, a decryptor will eventually land. Ransomware operations usually shut down after a short period of boom in their activities, which happens for various mutually supportive reasons. The next most active and troublesome ransomware group in the pipeline is Conti, which will now find itself in the spotlight.
