In what appears to be a controversial turn of events, the Avaddon Ransomware Gang has apparently shut down operations and released around 2900 decryption keys, as was reported by Bleeping Computer.
Shutoff and decrypt:
In its latest report, the security news website said it had received an anonymous tip, with the sender masquerading as the FBI, that delivered the decryption keys from the threat actors.
The tip included a password-protected zip file, sent to Bleeping Computer by the Avaddon ransomware gang, containing a number of decryption keys.
The file contained a total of 2934 decryption keys for several unique victims of the ransomware gang.
Subsequently, the decryption keys were tested and verified to be authentic as well. However, it is not yet fully clear or confirmed whether the ransomware gang has discontinued operations or is planning a revamp.
Malicious Avaddon Ransomware:
The Avaddon ransomware primarily gained traction in June 2020, when the gang started its active malicious operations.
It was known to deploy its attacks via phishing emails sent to targets and then put up subsequent ransom demands.
While the gang initially had no specific limitations on target sectors, it had recently announced some changes. After cybercrime forums started banning ransomware discussions, Avaddon announced that it would not target education, healthcare, or social infrastructure.
It is speculated that the increasing awareness among law enforcement entities, which led to the shutdown of the Darkside ransomware, also drove the Avaddon ransomware gang to shut down operations.
Recently, the FBI and the Australian Cyber Security Centre (ACSC) also issued warnings about the Avaddon attacks. At that time, the gang was active in the wild, targeting various firms, including the French company Acer Finance. However, following the Colonial Pipeline and JBS Foods incidents, law enforcement started a harsh crackdown on ransomware threat actors.