Avaddon

Malware updated 23 days ago (2024-11-29T13:39:24.918Z)
Download STIX
Preview STIX
Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like VMWare ESXi and Synology NAS. In February 2021, the Avaddon operators announced a temporary increase in profit share to 80% following the release of a decryption tool that threatened their operation's profitability. The Avaddon ransomware group had connections within the cybercriminal community, notably with individuals like Kondratiev, also known as "Bassterlord" and "Fisheye," who had ties to other ransomware groups including REvil, RansomEXX, and Avaddon. The Avaddon ransomware group ceased operations on June 11, after which they released decryption keys, effectively shutting down their operation. This action followed a series of measures taken by Russia's government against ransomware operators, including Avaddon, in 2021. Following the shutdown, all decryption keys were sent to Bleeping Computer, an online tech support site, allowing victims to regain access to their encrypted files. In the aftermath of Avaddon's shutdown, the landscape of ransomware groups saw significant changes. Notably, NoEscape emerged as a rebrand of Avaddon, adopting multi-extortion tactics and becoming successful in the process. This shift was part of a broader trend of volatility and transformation among ransomware groups, highlighted by instances like the disruption of Hive ransomware, BlackByte's rebranding to Black Suit, and NoEscape's (formerly Avaddon) exit scam. NoEscape is now considered part of the Royal Ransomware lineage, along with Blackmatter, Hunters International, and Avaddon.
Description last updated: 2024-05-04T17:03:13.580Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
NoEscape is a possible alias for Avaddon. NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023,
5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
RaaS
Encryption
Healthcare
Esxi
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The REvil Malware is associated with Avaddon. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. ThUnspecified
4
The Hive Malware is associated with Avaddon. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostagUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The DarkSide Threat Actor is associated with Avaddon. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply acrossUnspecified
5
Source Document References
Information about the Avaddon Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
10 months ago
DARKReading
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Fortinet
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago