The FBI and the ACSC (Australian Cyber Security Centre) warn of an ongoing Avaddon ransomware campaign targeting organizations from a wide range of sectors around the world.
Specifically, the FBI issued a warning last week stating that the Avaddon ransomware gang is trying to break into the networks of various private sector organizations - including those active in the construction and healthcare sectors - around the world.
The ACSC provided further information on the campaign on 10 May, noting that both the ransomware gang itself and its affiliates target entities from a wide range of sectors, including, for example, government, finance, law enforcement, energy, IT and health.
While the FBI only reports ongoing attacks, the ACSC also provides a list of countries under attack, including the USA, the United Kingdom, Germany, China, Brazil, India, the UAE, France and Spain.
The ACSC added that malicious actors associated with Avaddon ransomware threaten victims with DDoS attacks to persuade them to pay a ransom, in addition to threatening them with leaks of stolen data and encryption of their systems.
However, according to the FBI, no evidence of DDoS attacks following Avaddon ransomware attacks has been found.
The Avaddon ransomware gang first announced in January 2021 that it would carry out DDoS attacks to take down victims' sites or networks until they agree to enter into negotiations and pay the ransom demanded.
BleepingComputer first reported this new trend in October 2020, when ransomware gangs began using DDoS attacks against their victims as an additional "means" to persuade them to pay a ransom. At that time, the two ransomware operations that used this tactic were SunCrypt and RagnarLocker.
Samples of Avaddon ransomware were first detected in February 2019, while the gang began to "recruit" affiliates in June 2020, after starting a massive spam campaign targeting users around the world.
The affiliates involved in this RaaS operation are responsible for breaching networks to deploy payloads or distributing the ransomware through spam messages or exploit kits. At the same time, the operators are responsible for malware development and the operation of the Tor payment site.
Avaddon's RaaS operation also requires affiliates to follow a set of rules, one of which is to have no targets in the Commonwealth of Independent States (CIS).
The Avaddon gang pays each affiliate 65% of the ransom payments they bring in, with the operators receiving a 35% share. However, as with other RaaS programs, larger affiliates can usually negotiate higher revenue shares depending on the size of their attacks.
The average ransom payment demanded by Avaddon gang affiliates is approximately 0.73 bitcoin (approximately $41,000) in exchange for a decryption tool (Avaddon General Decryptor).
The gang's affiliates are also known for stealing data from their victims' networks before encrypting systems, applying the so-called "double blackmail". This is a tactic used by almost all active ransomware operations, with victims usually informing their customers or employees about possible data breaches following ransomware attacks.
Source of information: bleepingcomputer.com