The cybercrime group Avaddon, active since 2020, has shut down its operations and provided the decryption keys. The group has also shut down its servers and its leak site, and deleted its profiles on hacking forums.
The Avaddon ransomware encrypts victims' files using AES-256 and RSA-2048, and appends a random extension. The decryptor allows victims of the Avaddon ransomware to decrypt their files for free.
After the DarkSide gang closed its operation, the Avaddon gang made headlines by targeting multiple organizations in collaboration with the Conti gang.
Avaddon has been pressuring victims to pay and accepting the last counteroffer without any pushback, which Siegel states is abnormal.
The Australian Cyber Security Centre (ACSC) is aware of an ongoing ransomware campaign utilising the Avaddon Ransomware malware. This campaign is actively targeting Australian organisations in a variety of sectors. This advisory includes details about the tactics, techniques and procedures (TTPs) associated with the Avaddon group.
Experts speculate that the group has not completely retired and is instead rebranding its operations. This comes after DarkSide shut down its operation.