FBI and ACSC warn of escalating Avaddon ransomware attacks


The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) have warned of increased activity from the Avaddon ransomware group, which targets organizations in various industries, mainly in the US.

In its TLP:GREEN flash alert last week, the FBI said Avaddon ransomware affiliates are attempting to breach the networks of organizations in manufacturing, healthcare, and other private sectors.

The ACSC added to the range of sectors that the ransomware gang’s affiliates are targeting, mentioning government, finance, law enforcement, energy, information technology, and health. The ACSC has also provided a list of countries where victims are located, which includes the US, UK, Germany, China, France, Brazil, India, UAE, Spain, and others. Australia has also received its share of attacks:

“The Australian Cyber Security Centre (ACSC) is aware of an ongoing ransomware campaign utilizing the Avaddon Ransomware malware [..] actively targeting Australian organisations in a variety of sectors,” the ACSC added. “The ACSC is aware of several instances where the Avaddon ransomware has directly impacted organizations within Australia.”

The ACSC said that, in addition to leaking stolen data and encrypting systems, Avaddon operators threatened victims with distributed denial-of-service (DDoS) attacks to make them pay ransoms. However, the FBI said it saw no evidence of DDoS attacks during Avaddon ransomware attacks.

The Avaddon ransomware gang first announced in January 2021 that it would launch DDoS attacks against victims, after other ransomware groups began using these attacks against their victims as additional leverage in October 2020. The gang is also known for stealing data from victims as a double-extortion tactic.

Avaddon ransomware was first detected in February 2019, and it later launched a massive worldwide spam campaign.

Affiliates who join this ransomware-as-a-service (RaaS) operation are responsible for compromising networks to deploy payloads or for distributing the ransomware via spam or exploit kits. Its operators, in turn, are responsible for developing the malware and operating the Tor payment site.

The Avaddon RaaS operation doesn’t hit targets from the Commonwealth of Independent States (CIS).

The average ransom that Avaddon hackers demand is roughly 0.73 bitcoins ($41,000) in exchange for the Avaddon General Decryptor decryption tool.

About the author

CIM Team
