Avaddon ransomware group shuts down operations, releases decryption keys

Cyber experts attribute the cessation of operations to mounting pressure from governments worldwide, especially the US, to eliminate online crime. FBI Director Wray called on companies not to pay ransom to hacking groups.


The Avaddon ransomware group shut down its operations and released decryption keys to the operators of BleepingComputer, a cyber news website that is part of Europol's anti-ransomware project and is also often used as a platform for hackers to deliver their message.

Over the weekend, the website's operators received an anonymous email tip, posing as an FBI source, which contained the link and password to a file that included the keys. A total of 2,934 keys were sent, each one corresponding to a specific victim. The site noted that attack groups sometimes release encryption keys as a gesture of goodwill when they end their operations, or when they develop a new version of their malware.

The Avaddon group was identified for the first time in June 2020 when it sent phishing emails. Its average ransom demand was $600,000. According to the website, it is not completely clear why the group ceased its operations, but it was likely caused by the growing pressure by governments and law enforcement authorities worldwide, especially the US.

The Biden administration is intensifying its war against ransomware crime, an effort that received an even greater boost after the Colonial Pipeline attack, and is taking action to promote international cooperation on the issue. Ten days ago, the Department of Justice announced that it was elevating ransomware attack investigations to a priority similar to that of terrorist attacks.

Last week, FBI Director Christopher Wray said that the bureau's policy is that companies should not pay ransom to cyberattackers. Besides the fact that such payments can encourage additional cyberattacks, victims may not recover their data, he said during testimony before the House Judiciary Committee, held after the FBI succeeded in recovering $2.3 million worth of Bitcoin out of the ransom of almost $4.4 million paid by Colonial Pipeline.

The topic of cyberattacks is expected to be one of the main points during Biden's meeting with his Russian counterpart, Vladimir Putin, in Geneva later this week. Many attacks, including those against Colonial Pipeline and meat processing company JBS, have been attributed to the Russian regime or entities operating on its behalf. 
