What is Avaddon Ransomware?
The Avaddon ransomware encrypts user data using AES-256 and RSA-2048, and then requires a ransom of $150 to $350 or more in BTC in order to return the files.
The distribution of this ransomware began in early June 2020. For the first time, Avaddon Ransomware was presented at one of the hacker forums that we know but do not want to “advertise” it again. And the extortionists themselves seem familiar to me, although they “write” their “creations” every time from scratch, the style and other elements of their “creativity” are easily guessed.
Avaddon Ransomware is targeted at users of several languages, contributing to the greatest distribution around the world. Judging by the ransomware onion site, these will be the following languages: English, German, Spanish, French, Italian, Portuguese, Chinese, Japanese, Korean.
Avaddon Ransomware ― Summary
| Name | Avaddon Virus |
| Extension | .avdn file virus |
| Type | Ransomware |
| Ransom | From $150 to $350 |
| Detection | Ransom:Win32/Avaddon.PA!MTB |
| Short Description | The ransomware modifies the documents on the attacked device through encryption and asks for the ransom to be paid by the victim supposedly to restore them. |
| Symptoms | The file virus encrypts the data by adding the .avdn extension, also generating the one-of-a-kind identifier. Note that the .avdn extension becomes the secondary one. |
| Distribution Method | It can be spread by hacking through an insecure RDP configuration, using email spam (the subject line of the message “Your new photo?” Or “Do you like my photo?”) And malicious attachments (for example, Image.jpg.js.zip), fraudulent downloads , botnets (Phorphiex / Trik), exploits, malicious ads, web injects, fake updates, repackaged and infected installers. |
| Technical Info | Written in C ++ using WinAPI. AES-256 and RSA-2048. Designed for Windows 7-10. |
| Fix Tool | See If Your System Has Been Affected by .avdn file virus |
Avaddon ― Spam campaign
What Is It and How Did I Get It?
The new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide. The first attack of the Avaddon is being in a spam campaign reminiscent of Nemty Ransomware.
In a wave of emails using subjects like “Your new photo?” or “Do you like my photo?” containing nothing but a winking smiley face, a JavaScript downloader for the Avaddon ransomware is being distributed.1
Emails using subjects like “Your new photo?” or “Do you like my photo?” – Avaddon ransomware
That means to the recipient, it would just appear as a .jpg file, as shown below.
Attached to these emails is a JavaScript file masquerading as a JPG photo with names like IMG145673.jpg. It is important to remember that Windows hides file extension by default, even though it is a known security risk.
Avaddon Ransomware
Infected PC Details
The ransom note is known by its well-known pattern: [number]-readme.html
Quotation of the scary message
Your network has been infected by Avaddon All your documents, photos, databases and other important files have been encrypted and you are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software - Avaddon General Decryptor. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page Download Tor browser - https://www.torproject.org/ Install Tor browser Open link in Tor browser - avaddonbotrxmuyl.onion Follow the instructions on this page Your ID: NDctTkFiSm8ycFVVdGxRV3ZhVVl6Rmt0V3NEY*** DO NOT TRY TO RECOVER FILES YOURSELF! DO NOT MODIFY ENCRYPTED FILES! OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER!
Replaces the wallpaper on the desktop with a pixel image with text urging you to read the instructions.
All your files has been encrypted Instruction XXXXXX-readme.html
The main informant of the victim, in addition to the ransom note, is the ransomware site, where there is a page with a timer with a QR code for payment.
The first page content:
Your network has been infected by Avaddon Don't worry, we can help you to restore all your files! Avaddon General Decryptor price is 150 USD* 4 : 00 : 00 : 00 *If you don’t pay before the time runs out, the price will be doubled! All your documents, photos, databases and other important files have been encrypted! To restore all your files you need to buy our special software - Avaddon General Decryptor! You can do it right now. Follow the instruction below. But remember that you do not have much time! 150 USD ≈ 0.01628378 BTC 3Pg4atmvjJTE8nqFqzQ5Pug1SCtyKSuviy NOT PAID 1. Buy the Bitcoin cryptocurrency. You will find instructions how you can do it below. 2. Send 0.01628378 BTC to the address: 3Pg4atmvjJTE8nqFqzQ5Pug1SCtyKSuviy (in ONE payment, this amount doesn’t include the transaction fee) 3. The transaction will be confirmed after receiving 6 confirmations 4. When the payment is confirmed, you can download the Avaddon General Decryptor. Attention! Please be careful and visually check the address after copy-paste (because on your PC there is probably a malware monitoring and changing the address in your clipboard)
The second page content:
- What's the matter? Your computer has been infected with Avaddon Ransomware. All your files have been encrypted and you are not able to decrypt it by yourself. To decrypt your files, you have to buy the Avaddon General Decryptor. - What can I do to get my files back? You should buy the software Avaddon General Decryptor. It will scan your PC, network share, all connected devices, and check for encrypted files and decrypt them. Current price: 150 USD. We accept the Bitcoin cryptocurrency. - What guarantees can you give me? To make sure that our descriptor is working, you can decrypt 3 files for free. But these files must be images because images usually are not valuable.
Remove Avaddon Ransomware
Reasons why I would recommend GridinSoft2
The is an excellent way to deal with recognizing and removing threats – using Gridinsoft Anti-Malware. This program will scan your PC, find and neutralize all suspicious processes3.
Download GridinSoft Anti-Malware.
You can download GridinSoft Anti-Malware by clicking the button below:
Run the setup file.
When setup file has finished downloading, double-click on the install-antimalware-fix.exe file to install GridinSoft Anti-Malware on your system.
An User Account Control asking you about to allow GridinSoft Anti-Malware to make changes to your device. So, you should click “Yes” to continue with the installation.
Press “Install” button.
Once installed, Anti-Malware will automatically run.
Wait for the Anti-Malware scan to complete.
GridinSoft Anti-Malware will automatically start scanning your system for Avaddon infections and other malicious programs. This process can take a 20-30 minutes, so I suggest you periodically check on the status of the scan process.
Click on “Clean Now”.
When the scan has finished, you will see the list of infections that GridinSoft Anti-Malware has detected. To remove them click on the “Clean Now” button in right corner.
How to remove Avaddon Ransomware?
Name: Avaddon Ransomware
Description:
The Avaddon ransomware encrypts user data using AES-256 and RSA-2048, and then requires a ransom of $150 to $350 or more in BTC in order to return the files.
The distribution of this ransomware began in early June 2020. For the first time, Avaddon Ransomware was presented at one of the hacker forums that we know, but do not want to "advertise" it again. And the extortionists themselves seem familiar to me, although they “write” their “creations” every time from scratch, the style and other elements of their "creativity" are easily guessed.
Operating System: Windows
Application Category: Ransomware
User Review
( votes)References
- Read more about it here: https://www.bleepingcomputer.com/news/security/new-avaddon-ransomware-launches-in-massive-smiley-spam-campaign/
- GridinSoft Anti-Malware Review from HowToFix site: https://howtofix.guide/gridinsoft-anti-malware/
- More information about GridinSoft products: https://gridinsoft.com/comparison
Please, tell me when will the decryptor come for avaddon, tell me approximate time?