Avaddon ransomware: an in-depth analysis and decryption of infected systems

02/09/2021
by Javier Yuste, et al.

The commoditization of Malware-as-a-Service (MaaS) allows criminals to obtain financial benefits at low risk and with little technical background. One such popular product in the underground economy is ransomware. In ransomware attacks, data from infected systems is held hostage (encrypted) until a fee is paid to the criminals. This modus operandi disrupts legitimate businesses, which may become unavailable until the data is restored. A recent blackmailing strategy adopted by criminals is to leak data from the infected systems online if the ransom is not paid. Besides reputational damage, data leakage might produce further economic losses due to fines imposed by data protection laws. Thus, research on prevention and recovery measures to mitigate the impact of such attacks is needed to adapt existing countermeasures to new strains. In this work, we perform an in-depth analysis of Avaddon, a ransomware offered in the underground economy as an affiliate program business, which has infected and leaked data from at least 23 organizations. Additionally, it runs Distributed Denial-of-Service (DDoS) attacks against victims that do not pay the ransom. We first provide an analysis of the criminal business model from the underground economy. Then, we identify and describe its technical capabilities. We provide empirical evidence of links between this variant and a previous family, suggesting that the same group was behind the development and, possibly, the operation of both campaigns. Finally, we describe a method to decrypt files encrypted with Avaddon in real time. We implement and test the decryptor in a tool that can recover the encrypted data from an infected system, thus mitigating the damage caused by the ransomware. The tool is released open-source so it can be incorporated into existing antivirus engines.


