Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide.
Avaddon was launched at the beginning of this month and is actively recruiting hackers and malware distributors to spread the ransomware by any means possible.
As its first known attack, the Avaddon Ransomware is being distributed in a spam campaign reminiscent of February’s Nemty Ransomware Love Letter campaign.
The cybersecurity firm AppRiver stated that the Phorphiex/Trik Botnet is distributing the malicious emails.
This campaign is not small, as AppRiver security researcher David Picket told us that they had blocked over 300,000 emails in just a short period.
To the recipient, the attachment would appear to be just a .jpg file.
When executed, the JS attachment launches both a PowerShell command and a Bitsadmin command to download the Avaddon ransomware executable to the %Temp% folder and run it.
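The chain described above (a script host running a .js file, which then spawns PowerShell and Bitsadmin writing to %Temp%) can be hunted for in process-creation telemetry. The detection logic below is an added example, not from the original article or AppRiver; the event layout, the sample events, and the double-extension check used to model the .jpg disguise are constructed assumptions.

```python
import re
from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
DOWNLOADERS = {"powershell.exe", "bitsadmin.exe"}
JS_ARG = re.compile(r'([^\\/"\s]+\.js)\b', re.I)             # script file name in the parent command line
DECOY_EXT = re.compile(r"\.(jpe?g|png|gif|pdf)\.js$", re.I)  # assumption: disguise is a double extension
TEMP_REF = re.compile(r"%temp%|\$env:temp|\\appdata\\local\\temp\\", re.I)

# Constructed events: (host, parent pid, parent image, parent cmdline, child image, child cmdline).
# Command lines are placeholders, not captured from the campaign.
EVENTS = [
    ("ws01", 4120, r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Users\a\Downloads\IMG0001.jpg.js"',
     "powershell.exe", r"powershell.exe -c <fetch payload to $env:TEMP\a.exe and start it>"),
    ("ws01", 4120, r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Users\a\Downloads\IMG0001.jpg.js"',
     "bitsadmin.exe", r"bitsadmin.exe /transfer j <url> C:\Users\a\AppData\Local\Temp\a.exe"),
    ("ws02", 900, r"C:\Windows\explorer.exe", "explorer.exe",
     "powershell.exe", r"powershell.exe Get-ChildItem $env:TEMP"),   # benign: parent is not a script host
    ("ws03", 77, "cscript.exe", r"cscript.exe C:\build\pack.js",
     "bitsadmin.exe", "bitsadmin.exe /list"),                        # benign: nothing written to Temp
    ("ws04", 310, "wscript.exe", r"wscript.exe C:\Users\b\Desktop\notes.js",
     "powershell.exe", r"powershell.exe -c <writes %TEMP%\b.exe>"),  # one tool only, no decoy extension
]

def exe(path):
    """Lower-cased executable name from a full or bare image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Flag script hosts running a .js file whose children are downloaders touching Temp."""
    chains = defaultdict(lambda: {"script": None, "tools": set()})
    for host, ppid, parent, parent_cmd, image, cmd in events:
        m = JS_ARG.search(parent_cmd)
        if exe(parent) not in SCRIPT_HOSTS or not m:
            continue
        if exe(image) in DOWNLOADERS and TEMP_REF.search(cmd):
            chain = chains[(host, ppid)]          # children of the same parent form one chain
            chain["script"] = m.group(1)
            chain["tools"].add(exe(image))
    return [{"host": host, "ppid": ppid, "script": c["script"], "tools": sorted(c["tools"]),
             "decoy_extension": bool(DECOY_EXT.search(c["script"])),
             # both downloaders from one script matches the behaviour described in the article
             "severity": "high" if c["tools"] == DOWNLOADERS else "medium"}
            for (host, ppid), c in sorted(chains.items())]

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

In practice the events would come from an EDR or Sysmon process-creation feed, with field names mapped to the tuple layout used here.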
To keep your users from being taken in by these malicious emails, it’s recommended that employees be enrolled in Security Awareness Training, as two-thirds of employees received no training in the last year. This will help dramatically lower the likelihood of a successful attack.