Avaddon ransomware shuts down, distributes thousands of decryption keys
Only a handful of Avaddon victims admitted to being attacked
The infamous Avaddon ransomware group, which by some accounts has been one of the most prolific in 2021, has apparently shut down its operations.
As further proof of closing shop, the group has sent decryption keys for almost 3000 of their victims to Lawrence Abrams of Bleeping Computer.
Abrams worked with Fabian Wosar, CTO of cybersecurity vendor Emsisoft, and Michael Gillespie of ransomware recovery consultants Coveware, to verify the decryption keys. Emsisoft then rolled the keys into a free tool that Avaddon victims can use to decrypt their files.
“This isn’t new and isn’t without precedence. Several ransomware threat actors have released the key database or master keys when they decide to shut down their operations,” Wosar told ZDNet.
Scale of operations
Wosar further states that the key database suggests that Avaddon had attacked a total of 2934 victims. He says the threat actors on average demanded around $600,000 from their victims, which even after negotiations would have generated quite a lot of money for Avaddon.
Analyzing Avaddon’s recent interactions, Wosar suggests the move appears planned. The Avaddon operators exhibited an uncharacteristic urgency in recent ransom negotiations, and seemed to agree to even the most meager counter offers during the past couple of days.
“So this would suggest that this has been a planned shutdown and winding down of operations,” Wosar told ZDNet.
Although the group hasn’t revealed its reasons for the shutdown, it appears the US' recent toughened stance and the UK’s posturing against ransomware operators, including mounting pressure on the governments under whose jurisdictions these threat actors operate, have had a bearing on the wind-up.
What’s surprising about the whole exercise, though, is the total number of victims. A report from cybersecurity vendor eSentire attributes only 88 attacks to Avaddon based on the number of disclosures by victims. However, the release of the 2934 keys is a clear indication that a staggering majority of the victims shy away from reporting ransomware attacks.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.