The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) have warned of increased activity from the Avaddon ransomware group, which targets organizations in various industries, mainly in the US.
Last week in its TLP:GREEN flash alert, the FBI said Avaddon ransomware affiliates attempt to breach the networks of organizations in manufacturing, healthcare, and other private sectors.
The ACSC added to the range of sectors that the ransomware gang’s affiliates are targeting, mentioning government, finance, law enforcement, energy, information technology, and health. The ACSC has also provided a list of countries where victims are located, which includes the US, UK, Germany, China, France, Brazil, India, UAE, Spain, and others. Australia has also received its share of attacks:
“The Australian Cyber Security Centre (ACSC) is aware of an ongoing ransomware campaign utilizing the Avaddon Ransomware malware [..] actively targeting Australian organisations in a variety of sectors,” the ACSC added. “The ACSC is aware of several instances where the Avaddon ransomware has directly impacted organizations within Australia.”
The ACSC said that, in addition to leaking stolen data and encrypting systems, Avaddon operators threatened victims with distributed denial-of-service (DDoS) attacks to make them pay ransoms. However, the FBI said it saw no evidence of DDoS attacks during Avaddon ransomware attacks.
The Avaddon ransomware gang first announced in January 2021 that they would launch DDoS attacks against victims, after other ransomware groups began using these attacks against their victims as additional leverage in October 2020. The gang is also known for stealing data from victims as a double-extortion tactic.
Avaddon ransomware was first detected in February 2019, and it later launched a massive worldwide spam campaign.
Affiliates who join this RaaS operation are responsible for compromising networks to deploy payloads or for distributing the ransomware via spam or exploit kits. Its operators, in turn, are responsible for developing the malware and operating the Tor payment site.
The Avaddon RaaS operation doesn’t hit targets from the Commonwealth of Independent States (CIS).
The average ransom demanded by Avaddon hackers is roughly 0.73 bitcoins ($41,000) in exchange for their Avaddon General Decryptor decryption tool.