After a veritable wave of extortion in the USA, the authorities had recently increased the pressure on cyber criminals significantly. The ransomware attack on the pipeline operator Colonial Pipeline had even prompted the US Department of Justice to give cyberattacks the same priority as terrorist attacks in law enforcement. The tightened thumbscrews seem to be having an effect: a popular ransomware group has apparently ceased its activities.
Pressure: successful ransomware extortionists are getting scared
In the past few months, Avaddon had reached a top position in the inglorious ranking of the most widely used ransomware variants. The fact that the apparently “successful” extortionists are now striking sail is of course good news for the victims. A sudden change of heart is hardly likely to have been responsible for the decision to quit; the growing fear of being caught is a more plausible explanation. After all, the FBI had recently succeeded in gaining access to the Bitcoin wallet of the Colonial Pipeline extortionists and recovered a total of 63.7 Bitcoin.
The ransomware group Avaddon announced its shutdown via the platform bleepingcomputer.com. The editors there received a message with a password and a link to a password-protected zip file that supposedly came from the FBI. The file was called “Decryption Keys Ransomware Avaddon” and, according to a test by experts, actually contained decryption keys. Bleepingcomputer.com counted a total of 2,934 decryption keys, each of which is said to belong to one extortion victim. On this website, Avaddon victims can have their files decrypted for free.
Avaddon group cashes in before shutting down
In the past few days, the cybercriminals behind Avaddon are said to have put pressure on their victims once again in order to collect ransom payments quickly. They are said to have accepted any counter-offer, which observers describe as unusual. According to Coveware CEO Bill Siegel, Avaddon had been demanding an average of $600,000 to decrypt the encrypted files.
It is not all that unusual for ransomware groups to hand out their decryption keys before they disband or launch a new campaign with new software. Teslacrypt, Crysis, AES-NI, Shade, Fileslocker, Ziggy and Fonixlocker had already done something similar, as bleepingcomputer.com lists. That Avaddon really is history is at least suggested by the fact that all of Avaddon’s Tor pages are currently no longer accessible.