Experts have developed a decryptor with which victims can recover encrypted files.
Operators of the ransomware Avaddon, known for attacks on the French insurance company AXA and Mexican government lottery sites, have ceased operations and handed over decryption keys to Bleeping Computer.
The journalists received an anonymous tip, allegedly from the US Federal Bureau of Investigation, containing a link to a password-protected archive with decryption keys. In total, the file included 2,934 keys.
The journalists handed the archive over to Emsisoft specialists, who developed a decryptor based on it, allowing victims to decrypt files encrypted by Avaddon.
All Avaddon sites on the darknet are currently unavailable. According to experts, in recent days ransomware hastily curtailed operations and tried to get the last payments from victims.
For what reasons the group, which has been operating since June 2020, decided to go out of business is still unclear. It is possible that this is due to the active actions of law enforcement agencies to combat extortionate groups after a series of high-profile attacks on critical infrastructure.
Catch up on more stories here
Follow us on Facebook here