
Avaad Ransomware

The Avaad Ransomware is a file-locking Trojan from the Ransomware-as-a-Service family of the Dharma Ransomware (AKA Crysis Ransomware). The Avaad Ransomware encrypts users' media, such as documents, so that they no longer open, and demands a ransom in a pop-up HTA message with a skull-and-crossbones logo. Users should keep backups for restoring any locked files instead of paying the ransom and always delete the Avaad Ransomware with a professional anti-malware product.

Remote Access Software Going the Wrong Way Around

As malware analysts identify new versions of the Dharma Ransomware's Ransomware-as-a-Service, they also track the vulnerabilities, phishing lure themes, and tactics that are part and parcel of its fundamentally non-consensual installation routine. The Avaad Ransomware demonstrates how fake names on files become more than small problems for users who trust them. The Avaad Ransomware pretends to be a legitimate Bitvise Limited product while retaining all the attack capabilities that define its family.

The Avaad Ransomware's name and copyright information describe it as an installer for the Bitvise client, a remote access program that uses the SSH protocol. Malware researchers confirm that the Avaad Ransomware even includes digital signatures referring to Bitvise Limited and other companies, perfecting the disguise. The threat actor may have a fake Bitvise website for distributing the Trojan or use decentralized methods, such as torrents, which would effectively target software pirates – although the 'personal edition' of Bitvise is free.
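The disguise described above rests on version-resource metadata (product name, copyright, company) and on a signature that names the vendor. A defender's check is to compare what the file claims about its publisher against what its Authenticode signature actually proves. The PowerShell below is an added example and not code from the article or from Bitvise; the quarantine path and the expected publisher string are placeholders, and the only page-derived value is the vendor name.

```powershell
# Added example (not from the original article): compare a binary's claimed
# publisher (version resource) with its Authenticode signature. A file whose
# metadata names a vendor but whose signature is not Valid, or is not issued
# to that vendor, deserves a second look before it is run.
# $Path is a placeholder; the expected publisher comes from the article.

param(
    [string]$Path = 'C:\Quarantine\suspect-installer.exe',   # placeholder path
    [string]$ExpectedPublisher = 'Bitvise Limited'
)

function Test-PublisherClaim {
    param([string]$FilePath, [string]$Publisher)

    $item = Get-Item -LiteralPath $FilePath
    $claimedCompany = $item.VersionInfo.CompanyName          # what the file says about itself
    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath  # what the OS can verify

    $signerSubject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

    [pscustomobject]@{
        File              = $item.Name
        ClaimedCompany    = $claimedCompany
        SignatureStatus   = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
        SignerSubject     = $signerSubject
        ClaimsPublisher   = ($claimedCompany -like "*$Publisher*")
        SignedByPublisher = ($sig.Status -eq 'Valid' -and $signerSubject -like "*$Publisher*")
    }
}

$result = Test-PublisherClaim -FilePath $Path -Publisher $ExpectedPublisher
$result | Format-List

# The interesting case: the metadata borrows the vendor's name, but the
# signature check does not confirm that the vendor signed this file.
if ($result.ClaimsPublisher -and -not $result.SignedByPublisher) {
    Write-Warning "Version info names '$ExpectedPublisher' but the Authenticode check does not confirm it. Treat the file as suspect."
}
```

Run it against a quarantined copy rather than the original download location. A `SignatureStatus` of anything other than `Valid`, or a `SignerSubject` that does not name the expected publisher, means the metadata alone should not be trusted, which is exactly the gap the Avaad Ransomware's Bitvise disguise exploits.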

In other respects, the Trojan is a familiar example of the Dharma Ransomware's capabilities, just like the Cvc Ransomware, the MUST Ransomware, the Rxx Ransomware or the Wiki Ransomware. It uses AES and RSA encryption for locking the user's files, appends an extension to their names (the 'avaad' string) and deletes local backups or the Restore Points. Then, it extorts money from victims with its traditional skull-and-crossbones pop-up ransom note.

As ever, malware experts recommend every other solution as preferable to paying ransoms, which criminals may take without reliably unlocking files.

Cutting Off Access to Irreplaceable Data

The Avaad Ransomware's campaign shows how readily digital credentials, such as a vendor's name and signing information, can be exploited by bad-faith actors. As a rule, users never should download files from questionable sources without scanning them with proper security solutions. Malware experts also point to torrents, unofficial 'warez' sites, and e-mail attachments as likely sources of exposure to these threats.

Backing up files to other devices for recovery also is an essential step in limiting the Avaad Ransomware's extortion potential. Users should be attentive to documents, pictures, movies, music, archives, spreadsheets, databases and other media that file-locker Trojans habitually sabotage. Because the Dharma Ransomware family, and nearly all other Ransomware-as-a-Service families, wipe the Restore Points, depending on them for restoring data is a risky proposition.

The effectiveness of the Avaad Ransomware's disguise has no bearing on conventional threat-detection technology. Most anti-malware programs can delete the Avaad Ransomware as a matter of course, as they do other versions of the Trojan family.

Criminals who invest in tricks for trapping the incautious are hoping that more ransoms will make it to their wallets. Proving them mistaken helps bring a quicker end to the Avaad Ransomware and the rest of the still-bustling RaaS industry.
