Spanish student created free decryptor for Avaddon, but malware has already been updated

Written by Emma Davis

Student Javier Yuste from the King Juan Carlos University of Madrid has created a free decryptor for the Avaddon ransomware – AvaddonDecrypter.

However, the solution was not universal: it could only help new victims of the malware, and it only worked if the victims had not turned off their computers after the attack.

AvaddonDecrypter dumped the infected system’s RAM and scanned the memory contents for data that could be used to restore the original encryption key, which is why the computer had to stay powered on after the attack. If the key could be recreated, free file decryption became available.

Unfortunately, the malware developers quickly noticed the release of AvaddonDecrypter. In the middle of this week, the attackers reported that they had updated their ransomware code so that AvaddonDecrypter would stop working.


The cybercriminals’ prompt reaction reignited a long-standing dispute among information security specialists.

Some experts are convinced that decryptors that exploit errors in malware code should remain confidential and be distributed to victims only through closed channels. If such tools must still be made public, their publication should not be accompanied by technical details or data that would tell attackers how best to fix their own code.

For example, specialists from MalwareHunterTeam responded to Javier Yuste’s decryptor with the following caustic comment:

“Good work, but it is nothing sensational… Actually, it would be much more helpful (or maybe even say, only would be helpful) if he had not published this and only said something like ‘if you got Avaddon ransomware, contact me immediately’,” MalwareHunterTeam representatives wrote on Twitter.

If the decryptor is based on master decryption keys obtained from hackers’ servers, it can be published in the public domain, since criminals cannot do anything with such tools.

Let me also remind you that the creator of the Ziggy ransomware recently reported that the malware stopped working, and he has published keys to recover victims’ encrypted files.
