Avaddon

Malware updated 4 months ago (2024-05-04T20:19:42.753Z)
Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like VMware ESXi and Synology NAS.

In February 2021, the Avaddon operators announced a temporary increase in profit share to 80% following the release of a decryption tool that threatened their operation's profitability. The Avaddon ransomware group had connections within the cybercriminal community, notably with individuals like Kondratiev, also known as "Bassterlord" and "Fisheye," who had ties to other ransomware groups including REvil, RansomEXX, and Avaddon.

The Avaddon ransomware group ceased operations on June 11, after which they released decryption keys, effectively shutting down their operation. This action followed a series of measures taken by Russia's government against ransomware operators, including Avaddon, in 2021. Following the shutdown, all decryption keys were sent to Bleeping Computer, an online tech support site, allowing victims to regain access to their encrypted files.

In the aftermath of Avaddon's shutdown, the landscape of ransomware groups saw significant changes. Notably, NoEscape emerged as a rebrand of Avaddon, adopting multi-extortion tactics and becoming successful in the process. This shift was part of a broader trend of volatility and transformation among ransomware groups, highlighted by instances like the disruption of Hive ransomware, BlackByte's rebranding to Black Suit, and NoEscape's (formerly Avaddon) exit scam. NoEscape is now considered part of the Royal Ransomware lineage, along with Blackmatter, Hunters International, and Avaddon.
Description last updated: 2024-05-04T17:03:13.580Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
NoEscape | 5 | NoEscape is a form of malware, specifically ransomware, known for infiltrating victim networks and collaborating with other ransomware affiliates like Ransomhouse and ALPHV (also known as BlackCat). These groups work together to gain access to victim networks, lock them down, and strategize on how t
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
RaaS
Encryption
Healthcare
Esxi
Associated Malware
ID | Type | Votes | Profile Description
REvil | Unspecified | 4 | REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s
Hive | Unspecified | 2 | Hive is a malicious software (malware) that has been used by the cybercriminal group, Hunters International, to launch ransomware attacks since October of last year. The group operates as a ransomware-as-a-service (RaaS) provider, spreading Hive rapidly through collaborations with less sophisticated
Associated Threat Actors
ID | Type | Votes | Profile Description
DarkSide | Unspecified | 5 | DarkSide is a threat actor known for its malicious activities, particularly in the realm of ransomware. This group was notably responsible for the major attack on the U.S. energy sector that targeted Colonial Pipeline Co. on May 7, 2021, using a ransomware-as-a-service operation. The DarkSide ransom
Source Document References
Information about the Avaddon Malware was read from the documents corpus below.
CERT-EU (7 months ago): Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
DARKReading (7 months ago): Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit
CERT-EU (7 months ago): International Operation Targets Notorious LockBit Ransomware Group | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (7 months ago): International Operation Targets Notorious LockBit Ransomware Group | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
InfoSecurity-magazine (7 months ago): LockBit Reigns Supreme in Soaring Ransomware Landscape
CERT-EU (8 months ago): Ransomware Activity Surged in 2023, Likely to Evolve in 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): A look back to plan ahead | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): The Top 10 Ransomware Groups of 2023
CERT-EU (10 months ago): Blacksuit Ransomware linked to Royal Ransomware - Cybersecurity Insiders
Fortinet (10 months ago): Ransomware Roundup – NoEscape
CERT-EU (10 months ago): Royal ransomware may soon rebrand, BlackSuit links confirmed
CERT-EU (10 months ago): ASVEL basketball club slam dunked by NoEscape ransomware gang, data stolen
CERT-EU (10 months ago): ASVEL basketball team confirms data breach after ransomware attack
CERT-EU (10 months ago): Les dernières cyberattaques (24 octobre 2023)
CERT-EU (a year ago): Healthcare organizations a prime target for NoEscape ransomware, HHS warns
CERT-EU (a year ago): Feds Warn Healthcare Sector of 'NoEscape' RaaS Gang Threats
InfoSecurity-magazine (a year ago): Healthcare Sector Warned About New Ransomware Group NoEscape
BankInfoSecurity (a year ago): Feds Warn Healthcare Sector of 'NoEscape' RaaS Gang Threats
CERT-EU (a year ago): CERT-In issues alert for NoEscape ransomware | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (a year ago): Ransomware gang says it has hit International Joint Commission | IT World Canada News