The Avaddon ransomware gang has shut down its operation and released the decryption keys for its victims to BleepingComputer.com.
This morning, BleepingComputer received an anonymous tip pretending to be from the FBI that contained a password and a link to a password-protected ZIP file.
This file claimed to be the “Decryption Keys Ransomware Avaddon,” and contained the three files shown below.
Using a test decryptor shared with BleepingComputer by Emsisoft, I decrypted a virtual machine encrypted today with a recent sample of Avaddon.
In total, the threat actors sent us 2,934 decryption keys, where each key corresponds to a specific victim.
Emsisoft is working on a free decryptor with these keys, and it should be available within the next 24 hours, if not sooner.
While it doesn't happen often enough, ransomware groups have previously released decryption keys to BleepingComputer and other researchers as a gesture of goodwill when they shut down or release a new version.
Avaddon shuts down ransomware operation
Avaddon launched its operation in June 2020 through a phishing campaign that contained a winking smiley, shown below.
Over time, Avaddon has grown into one of the larger ransomware operations, with the FBI and Australian law enforcement recently releasing advisories related to the group.
At this time, all of Avaddon’s Tor sites are inaccessible, indicating that the ransomware operation has likely shut down.
Furthermore, ransomware negotiation firms and incident responders saw a mad rush by Avaddon over the past few days to finalize ransom payments from existing unpaid victims.
Coveware CEO Bill Siegel has told BleepingComputer that Avaddon’s average ransom demand was around $600k.
However, over the past few days, they’ve been pressuring victims to pay and accepting the last counteroffer without any pushback, which Siegel states is abnormal.
It’s not clear why Avaddon shut down, but it was likely caused by the increased pressure and scrutiny by law enforcement and governments worldwide after recent attacks against critical infrastructure.
“The recent actions by law enforcement have made some threat actors nervous: this is the result. One down, and let’s hope some others go down too,” Emsisoft threat analyst Brett Callow told BleepingComputer.
As most of the larger ransomware operations are believed to be operated within Russia or other CIS countries, President Biden will be discussing these recent ransomware attacks with Russian President Vladimir Putin at the June 16 Geneva summit.