Avaddon ransomware decryptor released, but operators quickly reacted

Pierluigi Paganini February 11, 2021

An expert released a free decryption tool for the Avaddon ransomware, but operators quickly updated malware code to make it inefficient.

The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that can be used by the victims to recover their encrypted files for free.

Yuste is a student at the Rey Juan Carlos University in Madrid, he developed the AvaddonDecrypter utility that could be used by victims of the ransomware when their computers should not have been powered off after the infection.

The utility developed by the experts dumps the RAM memory of the infected system and scans it for data that could allow to recover the encryption key.

“If enough information is recovered, the tool can then be used to decrypt files and help victims recover from Avaddon attacks without needing to pay the gang’s ransom demand.” reported ZDNet.

Unfortunately, the Avaddon ransomware operators were informed of the availability of the decryptor and released an update for the code of their malware that makes the tool inefficient.

avaddon ransomware message
Source ZDNet

Multiple security experts pointed out that the decision to publicly release decryption tools is not a good option when the decryptor exploit some flaws in the malware code, because it could help ransomware operators to fix the issues.

The fact that the Avaddon ransomware operators quickly addressed their code demonstrate the efficiency of their operations.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Avaddon ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment