International law enforcement authorities and the cybersecurity community are joining hands to thwart evolving cyberattacks from various threat actors operating across the globe. Recently, the FBI and the Australian Cyber Security Center (ACSC) warned about the ongoing Avaddon ransomware campaign targeting manufacturers, airlines, and health care organizations globally.
The Avaddon ransomware variant was first spotted in February 2019. The ACSC claimed that the Avaddon ransomware variant is leveraged as a Ransomware-as-a-Service (RaaS) in several cybercriminal campaigns in Australia. Operators behind Avaddon usually demand a ransom payment in Bitcoin (BTC), with an average demand of BTC 0.73 (approximately $40,000) for a decryption key.
“Avaddon has an active presence on underground dark web cybercrime forums, notably advertising the Avaddon RaaS variant to potential affiliates via a number of high tiers cybercrime forums. Avaddon threat actors also utilize the data leak site (DLS) avaddongun7rngel[.]onion to identify victims who fail or refuse to pay ransom demands,” the ACSC said.
Avaddon Targeted Countries and Sectors
TTPs of Avaddon Ransomware Group
- Using double extortion techniques as coercion and further pressure victims to pay a ransom
- Threatening to publish the victim’s data (via the Avaddon Data Leak Site (DLS): avaddongun7rngel[.]onion
- Threatening the use of DDoS attacks against the victim
How does Avaddon attack?
A ransom note is displayed on the victims’ system, which reads: “All your files have been encrypted.”
The ACSC also recommended certain security measures for improved security:
- Patch operating systems and applications, and keep antivirus signatures up to date.
- Scan emails and attachments to detect and block malware and implement training and processes to identify phishing and externally sourced emails.
- Maintain offline, encrypted backups of data and regularly test your backups.
- Regularly conduct backup procedures and keep backups offline or in separate networks.
Related Story: How Australia Plans to Thwart Ransomware Attacks