Avaddon Ransomware Description
Cybersecurity researchers have spotted a new data-locker, which has been named Avaddon Ransomware. The Avaddon Ransomware does not appear to be related to any of the popular ransomware families.
Propagation and Encryption
The Avaddon Ransomware may be spread via several different infection vectors, which may include:
- Corrupted advertisements – Advertisements that claim to promote safe applications and useful tools but instead deliver the file-locker.
- Spam emails – Fake emails that contain either a malicious link or a macro-laced file as an attachment.
- Fake social media posts/pages – Cybercriminals often use bogus posts on social media websites, which may seem harmless at first glance, to spread various strains of malware.
- Fraudulent software updates – Bogus prompts would urge users to apply an update to an application present on their system. However, the goal is to deliver the payload of a threat.
When the Avaddon Ransomware compromises a computer, it performs a brief scan to locate the files that meet its targeting criteria. Usually, ransomware threats like the Avaddon Ransomware go after a wide range of filetypes – images, documents, videos, spreadsheets, presentations, audio files, archives, databases, etc. When the Avaddon Ransomware encrypts a file, it appends the extension '.avdn' to its name. This means that a file named 'buttery-egg.pdf' will be renamed to 'buttery-egg.pdf.avdn' once the Avaddon Ransomware encrypts it.
The Ransom Note
The Avaddon Ransomware drops a ransom note on the desktop of the victim. The file, which contains the ransom message of the attackers, is called '<RANDOM NUMBERS>-readme.html'. The authors of the Avaddon Ransomware have designed a logo for their threat, which sits at the top of the ransom note. In the ransom message, the attackers state that the user needs to pay for a decryption tool called 'Avaddon General Decryptor.' The decryption tool can be purchased from a Tor-based website, and it costs $500 in Bitcoin. Attackers like the ones responsible for the Avaddon Ransomware often prefer to be paid via cryptocurrencies, as this helps them keep their identities hidden.
It is not recommended to contact the attackers or to pay for a decryption tool. Many cybercriminals fail to provide users with a decryption key, even if they have been paid. This is why it is best to consider investing in a reputable, modern antivirus solution that will help you remove the Avaddon Ransomware from your computer.
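The two filename indicators described above (the '.avdn' extension and the '<RANDOM NUMBERS>-readme.html' ransom note) can be swept for during triage. The following is an added example, not code from the original page; it assumes '<RANDOM NUMBERS>' means one or more decimal digits, and the sample tree and its file names are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".avdn"
# Assumption: '<RANDOM NUMBERS>' means one or more decimal digits.
NOTE_PATTERN = re.compile(r"^\d+-readme\.html$", re.IGNORECASE)


def scan_for_avaddon(root):
    """Return {'encrypted': {path: original_name}, 'notes': [path]} for files under root."""
    encrypted, notes = {}, []
    for path in sorted(Path(root).rglob("*")):
        try:
            if not path.is_file():
                continue
        except OSError:
            continue  # unreadable entry; skip rather than abort the sweep
        name = path.name
        # Match only a trailing .avdn, so 'report.avdn.bak' is not flagged.
        if name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
            encrypted[str(path)] = name[: -len(ENCRYPTED_SUFFIX)]
        elif NOTE_PATTERN.match(name):
            notes.append(str(path))
    return {"encrypted": encrypted, "notes": notes}


def build_sample_tree(root):
    """Create a constructed directory tree for the demo (empty placeholder files)."""
    root = Path(root)
    (root / "Desktop").mkdir()
    (root / "Documents").mkdir()
    for rel in ("Desktop/482913-readme.html", "Desktop/readme.html",
                "Documents/buttery-egg.pdf.avdn", "Documents/notes.txt",
                "Documents/report.avdn.bak"):
        (root / rel).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_for_avaddon(tmp)
        for path, original in result["encrypted"].items():
            print(f"encrypted: {path} (was {original})")
        for path in result["notes"]:
            print(f"ransom note: {path}")
```

The mapping of each encrypted path to its original name gives a quick inventory of affected files to compare against backups.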