Tuesday, April 29, 2025
HomeRansomwareBeware!! Avaddon Ransomware Attack Organizations in a variety of Sectors Around The...

Beware!! Avaddon Ransomware Attack Organizations in a variety of Sectors Around The Globe

Published on

SIEM as a Service

Follow Us on Google News

Recently, the Australian Cyber Security Centre (ACSC) along with the Federal Bureau of Investigation (FBI) has detected ongoing attacks of the “Avaddaon ransomware,” that is targeting the organizations in a variety of sectors.

The cybersecurity researchers at ACSC have claimed in their report that this Avaddon ransomware campaign is continuously targeting the organizations globally in various industries, that includes the sectors like government, finance, energy, manufacturing, and healthcare organizations.

According to the FBI flash alert report of last week cleared that the hackers of this Avaddon ransomware are trying to break the networks of manufacturing, healthcare, and other private sector organizations.

- Advertisement - Google News

The Avaddon ransomware is used by the threat actors as a ransomware-as-a-service campaign and it’s being spread using phishing and malicious email spam operations so that the hackers can easily deliver the malicious JavaScript files.

Targeted Countries and Sectors

After thoroughly analyzing the Avaddon ransomware, the specialists have listed all the countries as well as the sectors that are targeted by this ransomware, and here we have mentioned them below.

Targeted countries:-

  • Australia  
  • Belgium 
  • Brazil   
  • Canada 
  • China    
  • Costa Rica 
  • Czech Republic 
  • France 
  • Germany   
  • India 
  • Indonesia   
  • Italy 
  • Jordan   
  • Peru 
  • Poland   
  • Portugal 
  • Spain    
  • United Arab Emirates 
  • United Kingdom   
  • United States

Targeted Sectors:-

  • Academia
  • Airlines
  • Construction
  • Energy
  • Equipment
  • Financial
  • Freight and Transport
  • Government
  • Health
  • Hospitality
  • Information Technology
  • Law Enforcement
  • Manufacturing 
  • Marketing
  • Retail
  • Pharmaceutical
  • Virtual Entertainment

Avaddon conceives bare DDoS strikes

During the investigation, the security analysts have found that the threat actors who were behind Avaddon ransomware were attacking with denial-of-service (DDoS) attacks.

But the report of the FBI has cleared that they have not yet found any evidence regarding DDoS attacks. However, this ransomware attack has been first found in January 2021.

Avaddon Ransomware

Moreover, at that time the experts reported about two other ransomware operations (SunCrypt and RagnarLocker), and here the most interesting thing about their operation is that they both were using this new manoeuvre.

Hackers Used the Stolen Data as Leverage

According to the report, this ransomware was initially detected in February 2019, and in June the hackers started recruiting affiliates so that they can execute its operation.

Avaddon was rewarded each affiliate nearly 65% of ransom payments, and on the other side, the operators of this Avaddon ransomware were getting nearly 35% share of the accumulated ransom.

For the decryption tool (Avaddon General Decryptor), the affiliates of Avaddon generally demands an average ransom payment of about $41,627 (0.73 bitcoins).

Moreover, the hackers of the Avaddon RaaS operation also ask each and every affiliate to follow some rules that are being set by them.  

Mitigations

The experts said that these kind of attacks are quite common, but one should know how to keep themselves safe from such attacks. However, the researchers have recommended some mitigations for the organizations, and here we have mentioned them below:-

  • Always keep the operating systems updated with the latest security fixes. 
  • Always keep the applications, and antivirus tools up to date.
  • Always keep scanning the emails and attachments to detect and block malware.
  • Implement training and processes to recognize phishing and externally sourced emails.
  • Always do a regular test of your backups, and also have an offline, encrypted backup of data.
  • Regularly perform backup procedures and keep backups offline in a separated network.

Before encrypting the systems the Avaddon ransomware affiliates also steal the data from their victims’ networks only for the double-extortion, and they are well-known for this exercise.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Blinded from Above: How Relentless Cyber-Attacks Are Knocking Satellites Out of Sight

According to the Center for Strategic & International Studies' (CSIS) 2025 Space Threat Assessment,...

Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions – Technical Details Revealed

A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting...

Threat Actors Accelerate Transition from Reconnaissance to Compromise – New Report Finds

Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from...

ResolverRAT Targets Healthcare and Pharmaceutical Sectors Through Sophisticated Phishing Attacks

A previously undocumented remote access trojan (RAT) named ResolverRAT has surfaced, specifically targeting healthcare...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

Fog Ransomware Reveals Active Directory Exploitation Tools and Scripts

Cybersecurity researchers from The DFIR Report’s Threat Intel Group uncovered an open directory hosted...

DragonForce and Anubis Ransomware Gangs Launch New Affiliate Programs

Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce...