Avaddon Decryption Keys

The Avaddon ransomware group has just released the decryption keys for 2,934 victims to BleepingComputer.com. This morning, BleepingComputer received an anonymous tip, from a sender claiming to be the FBI, that contained a password and a protected ZIP file.

BleepingComputer explains that the keys were labeled as “Decryption Keys Ransomware Avaddon”. After sharing the files with security researchers, BleepingComputer confirmed the keys actually worked and were not just a myth.

BleepingComputer owner, Lawrence Abrams, explained that he successfully decrypted a virtual machine which was encrypted with a recent sample of the Avaddon ransomware.

Other ransomware families whose decryption keys have been released in this fashion include TeslaCrypt, Crysis, AES-NI, FilesLocker, Ziggy, and FonixLocker.

There is no clear-cut reason as to why Avaddon released the keys, but increased pressure by law enforcement could be a reason. The FBI and Australian law enforcement entities have released warnings on the ransomware group, and this could be their final escape before they’re outed. All of Avaddon’s Dark Web sites are inactive as of now, which further proves the group has truly shut down their operations.

Another major indicator of the shutdown is the recent rush to complete ransom payments. The group has applied pressure on victims to pay ransoms and, rather than haggling back and forth, has accepted victims' counteroffers quickly.

It’s always great news to hear threat actors are exiting the threat landscape, but ransomware as a whole is still the greatest threat to organizations around the globe. As a leader in your organization, be sure you’re asking the right questions of the rest of the board in order to elevate your cybersecurity issues and solve them properly. Proposing a security firm with Security Operations Center as a Service (SOCaaS) capabilities, like SpearTip, will be one of the best methods to protect your data, profits, and your organization’s reputation.

With SpearTip’s services incorporated into your business, you’ll have 24/7 continuous monitoring of your networks, accounts, and devices, a completely transparent view of your risk profile at all times through our endpoint detection and response tool ShadowSpear®, and access to highly technical, certified engineers at any moment in the day.

Sophisticated threat actors never sleep, so to defend against them, neither will we. SpearTip is the best way to protect your organization from advanced persistent threats like Avaddon and other groups while knowing your data and information are secure.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.