
Popular ransomware gang gives up and returns hundreds of keys

The pressure from law enforcement agencies seems to have grown too great. The ransomware group Avaddon has now given up. Hundreds of extortion victims can breathe a sigh of relief.

After a veritable wave of extortion in the USA, the authorities had recently increased the pressure on the cyber criminals significantly. The ransomware attack on the pipeline operator Colonial Pipeline had even prompted the US Department of Justice to want to put cyberattacks on a par with terrorist attacks in terms of law enforcement priority. The tightened thumbscrews seem to be having an effect. A popular ransomware group appears to have stopped its activities.

Pressure: Successful ransomware blackmailers create fear

In the past few months, Avaddon had achieved a top position in the inglorious ranking of the most widely used ransomware variants. The fact that the apparently “successful” blackmailers are now throwing in the towel is of course good news for the victims. A sudden change of heart is hardly likely to have been the reason for giving up; the increasing fear of being caught is the more probable cause. After all, the FBI recently succeeded in gaining access to the Bitcoin wallet of the Colonial Pipeline blackmailers and secured a total of 63.7 Bitcoin.

Incidentally, the ransomware group Avaddon made its exit from the business known via the platform bleepingcomputer.com. The editors there received a message with a password and a link to a protected zip file that supposedly came from the FBI. The file was called “Decryption Keys Ransomware Avaddon” and, according to a test by experts, actually contained decryption keys. Bleepingcomputer.com counted a total of 2,934 decryption keys. Each of them is said to belong to a victim of blackmail. On this website Avaddon victims can have their files decrypted for free.

Avaddon Group cashes in before giving up

In the past few days, the cyber criminals behind Avaddon are said to have pressed their victims once more to transfer the ransom quickly. They are said to have accepted any counter-offer, which observers say is unusual. According to Coveware CEO Bill Siegel, Avaddon is said to have asked an average of $600,000 to decrypt the encrypted files.

It is not all that unusual for ransomware groups to hand out the decryption keys before they disband or start a new campaign with new software. Teslacrypt, Crysis, AES-NI, Shade, Fileslocker, Ziggy and Fonixlocker had already done something similar, as bleepingcomputer.com lists. That Avaddon is indeed history is at least suggested by the fact that all of Avaddon’s Tor pages are currently no longer accessible.
