September 27, 2023

The cybercrime group Avaddon active since 2020 has shut down its operations and provided the decryption keys. The group has also shut down its servers and deleted profiles on hacking forums, they also shut down their leak site.

The Avaddon ransomware encrypts victim’s files using AES-256 and RSA-2048, and appends a random extension. The decryptor allows the victims of the Avaddon ransomware to decrypt their files for free.

In the aftermath of the closing of the operation of Darkside gang, the Avaddon gang made the headlines by targeting multiple organizations in collaboration with the Conti gang.

Avaddon has been pressuring victims to pay and accepting the last counteroffer without any push back, which Siegel states is abnormal.

The Australian Cyber Security Centre (ACSC) is aware an ongoing ransomware campaign utilising the Avaddon Ransomware malware. This campaign is actively targeting Australian organisations in a variety of sectors.This advisory includes details about TTP associated with the Avaddon group.

Experts speculate that the group was not completely retired, instead they are rebranding their operations. This comes after DarkSide shutdown the operation.

Tags:

Leave a Reply

You may have missed

BORN Canada latest victim of MoveIT data breach

September 27, 2023

Hardware Supply Chain Risk Assessment from CISA

September 27, 2023

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023
%d bloggers like this: