Avaddon is a ransomware strain that encrypts victim files and demands a ransom payment for decryption. First observed in the wild on June 1, 2020, it has been actively targeting systems worldwide. Security researchers also track this malware under the alias Avaddon Doxware.
Quick Facts
Ransomware Family: Avaddon
First Seen: June 1, 2020
Known Aliases: Avaddon Doxware
How Avaddon Ransomware Works
File Encryption Patterns
Avaddon modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
.avdn
/\.[A-Ea-e0-9]{10}$/
Ransom Note and Payment Demands
After encrypting files, Avaddon displays ransom notes demanding payment for file recovery:
File: readme.html
Ransom message: notes/readme.html
Note locations: EveryFolder

File: 1_readme.html
Ransom message: notes/1_readme.html
Note locations: RootDiscs, Desktop

File: /^[A-Za-z0-9]{2,8}_readme_?\.txt$/
Ransom message: notes/STdKp4_readme.txt
Note locations: EveryFolder

File: /^[A-Za-z0-9]{2,8}-readme_?\.html$/
Ransom message: notes/265155-readme.html
Note locations: EveryFolder

Screenshot
Ransom message: notes/bckgrd.png
Note locations: Desktop
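A triage sketch built from the extension and note-name patterns listed above, as an added example that is not Elastio's code: it flags a directory only when a ransom-note name sits beside files carrying one of the listed extensions, because a name such as readme.html is too common to act on alone. The function names, the min_encrypted threshold and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Patterns copied from this page. The fixed names are matched
# case-insensitively because Windows file names are case-insensitive.
ENCRYPTED_EXT = [re.compile(r"\.avdn$", re.I),
                 re.compile(r"\.[A-Ea-e0-9]{10}$")]
NOTE_NAMES = [re.compile(r"^readme\.html$", re.I),
              re.compile(r"^1_readme\.html$", re.I),
              re.compile(r"^[A-Za-z0-9]{2,8}_readme_?\.txt$"),
              re.compile(r"^[A-Za-z0-9]{2,8}-readme_?\.html$")]

def classify(path):
    """Return 'note', 'encrypted' or None for one file path."""
    name = PureWindowsPath(path).name
    if any(p.search(name) for p in NOTE_NAMES):
        return "note"
    if any(p.search(name) for p in ENCRYPTED_EXT):
        return "encrypted"
    return None

def suspicious_dirs(paths, min_encrypted=2):
    """Directories holding a ransom note AND >= min_encrypted marked files.

    min_encrypted is an assumed threshold for this example; tune it to the
    file listing being triaged.
    """
    stats = defaultdict(lambda: {"note": 0, "encrypted": 0})
    for p in paths:
        kind = classify(p)
        if kind:
            stats[str(PureWindowsPath(p).parent)][kind] += 1
    return sorted(d for d, s in stats.items()
                  if s["note"] and s["encrypted"] >= min_encrypted)

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Docs\budget.xlsx.avdn",
    r"C:\Users\alice\Docs\plan.docx.avdn",
    r"C:\Users\alice\Docs\265155-readme.html",
    r"C:\Projects\site\readme.html",   # benign: no encrypted files beside it
    r"C:\Projects\site\index.html",
    r"D:\Share\a.pdf.bCdE0a12A9",
    r"D:\Share\b.pdf.bCdE0a12A9",
    r"D:\Share\STdKp4_readme.txt",
]

if __name__ == "__main__":
    print(suspicious_dirs(SAMPLE))
```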
Technical Indicators
Associated Executable Files
The following executable files are associated with Avaddon ransomware:
This Avaddon ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Avaddon.