- Home
- Detectable Ransomware
- Avaddon
Ransomware Research
Avaddon Ransomware
Avaddon is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on June 1, 2020, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Avaddon Doxware.
Quick Facts
- Ransomware Family
- Avaddon
- First Seen
- June 1, 2020
- Known Aliases
- Avaddon Doxware
How Avaddon Ransomware Works
File Encryption Patterns
Avaddon modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..avdn
./\.[A-Ea-e0-9]{10}$/
Ransom Note and Payment Demands
After encrypting files, Avaddon displays ransom notes demanding payment for file recovery:
readme.html
Ransom message:
notes/readme.html
Note locations:
EveryFolder
1_readme.html
Ransom message:
notes/1_readme.html
Note locations:
RootDiscs
Desktop
/^[A-Za-z0-9]{2,8}_readme_?\.txt$/
Ransom message:
notes/STdKp4_readme.txt
Note locations:
EveryFolder
/^[A-Za-z0-9]{2,8}-readme_?\.html$/
Ransom message:
notes/265155-readme.html
Note locations:
EveryFolder
Ransom message:
notes/bckgrd.png
Note locations:
Desktop
Technical Indicators
Associated Executable Files
The following executable files are associated with Avaddon ransomware:
sava.bin
software.exe
Avaddon_09_06_2020_1054KB.exe
file.exe
program.exe
executable.exe
old.exe
sava.exe
jpr.exe
old.bin
img05960602020-jpg.scr
temp27472466.exe
5737263.exe
vget.exe
vnget.exe
5203508738.exe
646246465.exe
647274456.exe
6247427.exe
237502353.exe
taskhost.exe
wtava_1.exe
tava_1.exe
tava.exe
wtava.exe
tspm.exe
4939394.exe
7865336.exe
75365357.exe
temp377346.exe
05750050.exe
5893938.exe
58839304.exe
bit4bc0.tmp
lkx999.exe
senddebuglog
SendDebugLog.exe
1.exe
QkpxnTb.exe
BUIRansomSample.exe
rdp.exe
rdp.bin.exe
Avaddon.exe
exe_PPHK.exe
Elastio Can Help You
Don't let Avaddon ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Avaddon ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Avaddon.
Last updated: July 30, 2025