Avaddon

Malware updated 7 months ago (2024-05-04T20:19:42.753Z)
Avaddon is a ransomware family. It was notable for running on older systems such as Windows XP and Windows 2003, which distinguished it from ransomware like DarkSide and Babuk that targeted more modern platforms such as VMware ESXi and Synology NAS devices.

In February 2021, the Avaddon operators announced a temporary increase in their profit share to 80% after the release of a decryption tool threatened the operation's profitability. The group had connections within the cybercriminal community, notably with Kondratiev, also known as "Bassterlord" and "Fisheye," who also had ties to other ransomware groups including REvil and RansomEXX.

Avaddon ceased operations on June 11 and then released its decryption keys, effectively shutting down the operation. The shutdown followed a series of measures taken by Russia's government against ransomware operators, including Avaddon, in 2021. All decryption keys were sent to Bleeping Computer, an online tech support site, allowing victims to regain access to their encrypted files.

In the aftermath of Avaddon's shutdown, the ransomware landscape changed significantly. NoEscape emerged as a rebrand of Avaddon, adopted multi-extortion tactics, and operated successfully. This shift was part of a broader pattern of volatility among ransomware groups, illustrated by the disruption of Hive ransomware, BlackByte's rebranding to Black Suit, and NoEscape's (formerly Avaddon) exit scam. NoEscape is now considered part of the Royal ransomware lineage, along with BlackMatter, Hunters International, and Avaddon.
Description last updated: 2024-05-04T17:03:13.580Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names and profiles that may also be relevant.

Alias: NoEscape (5 votes)
NoEscape is a possible alias for Avaddon. NoEscape is ransomware that often infiltrates systems undetected via suspicious downloads, emails, or websites, and causes significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023, ...
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
RaaS
Encryption
Healthcare
Esxi
Associated Malware

Alias: REvil (association type: unspecified; 4 votes)
The REvil malware is associated with Avaddon. REvil, also known as Sodinokibi, is malware that operates on a ransomware-as-a-service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th...

Alias: Hive (association type: unspecified; 2 votes)
The Hive malware is associated with Avaddon. Hive is a ransomware family that infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostage...
Associated Threat Actors

Alias: DarkSide (association type: unspecified; 5 votes)
The DarkSide threat actor is associated with Avaddon. DarkSide is a threat actor known primarily for ransomware attacks. One of its most notable attacks occurred on May 7, 2021, when it targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply across...