Avaddon ransomware operators appear to have had an apparent change of heart. They recently announced to abandon their operations and released the decryption keys for all the victims.
Closing shop
The Avaddon gang has shared decryption keys, with Bleeping Computer, shrouded in an anonymous tip pretending to be from the FBI.
The file received by the Bleeping team titled Decryption Keys Ransomware Avaddon contained 2,934 decryption keys in three files.
The team soon shared it with Emsisoft, who confirmed the legitimacy of the keys.
In the past, several ransomware groups such as TeslaCrypt, Crysis, AES-NI, Ziggy, GandCrab, Shade, FonixLocker, and FilesLocker have given out decryption keys before shutting down their business.
But, what if this announcement is merely a break taken by the group before spinning up a new version? With that uncertainty, let’s recap the proliferating history of the Avaddon group.
A backdrop into Avaddon
Avaddon ransomware was first seen in February 2020 but emerged as a robust Ransomware-as-a-Service (RaaS) model by June 2020.
It appeared in a wink and a smile campaign in June 2020 and was being propagated via the Phorphiex/Trik botnet.
When launched, the group was recruiting hackers and malware distributors in high numbers to spread the ransomware by whatever means possible.
In a few months of its activity, the group became one of the critical threats across multiple sectors, including healthcare, manufacturing, and private sectors worldwide.
The FBI and Australian law enforcement (ACSC) had released avaddon ransomware calls distributes
