
The Avaddon ransomware group, known for using Excel 4.0 macros as an infection vector, has begun to use distributed denial of service (DDoS) attacks to pressure its victims into paying the ransom. This threat had a great impact during 2020, with an increase in this type of attack and in new families compared to previous years, boosted by the context of the pandemic. More frequent use of email and instant messaging, the first-time use of video conferencing applications by large numbers of people, and even the sudden switch to telecommuting were just some of the factors that created a more conducive scenario for ransomware attacks.

Avaddon is one of the busiest groups so far in 2021: a ransomware as a service (RaaS) that was first reported in June 2020 and has a solid reputation in black markets. Although its most common targets in its short life have been small and medium-sized companies in Europe and the United States, something that caught our attention is the number of people affected by this ransomware in Latin America, including government agencies and companies in industries like health or telecommunications.

Avaddon is written in C++ and, in certain versions, can be recognized by the “.avdn” extension appended to encrypted files. Like other modern ransomware, it uses a hybrid encryption method with AES-256 and RSA-2048 keys.

Avaddon follows the popular double extortion technique, threatening to expose its victims’ data on a “leak website” where the group also posts snippets of the stolen data as leverage to force payment of the ransom demand.

Some of the initial access mechanisms used by this ransomware were phishing emails with ZIP attachments containing a malicious JavaScript file. The body of these emails carried a message meant to arouse the user’s curiosity, such as a supposed photo or similar.
