Hackers behind Avaddon ransomware give up decryption keys for free

Ransomware has plagued many large companies around the United States and the world recently. An attack shut down a pipeline in the US not long ago, leading to fuel shortages in some areas and the company that owns the pipeline paying millions to decrypt its files. Another high-profile ransomware attack saw a US-based food company pay millions to hackers to decrypt its systems and prevent files from being leaked. While ransomware attacks are highly effective and can be big moneymakers for attackers, the group behind Avaddon is shutting down and has released the decryption keys for all of its victims.

The report indicates that an email pretending to be from the FBI has gone out, containing a password and a link to a password-protected zip file. The file was claimed to contain the decryption keys for Avaddon ransomware. The file was sent to security researchers Fabian Wosar from Emsisoft and Michael Gillespie from Coveware.

The two researchers looked into the software attached to the email and determined that it was legitimate and contained the decryption keys for users who fell victim to Avaddon. Emsisoft shared a test decryptor with BleepingComputer, and the publication was able to decrypt a virtual machine that had been encrypted with a recent sample of Avaddon, verifying that the software worked.

The hacker or hackers behind the ransomware released 2934 decryption keys, with each key corresponding to a victim of the group. Emsisoft released a free decryptor program that any victim of the software can use to recover their files at no cost. The decryptor file can be accessed here.

It's not entirely uncommon for the hackers behind a ransomware operation to release the decryption keys as a goodwill gesture when the operation is being shut down. However, it could potentially indicate that a new version of the software is coming. In this instance, the Tor sites pertaining to Avaddon have been shut down, indicating the operation has likely ended.