Urgently Needed! Avaddon ransomware (.avdn)


Dear Amigo-A,

Thanks for your response

Okay then I'll be waiting for the positive result. Hope it'll help to restore my files soon *fingers crossed* ☺️

Btw, can you tell me how long it takes for the decryption specialists to figure out how to decrypt avdn files? Because I urgently need my files.

Thank you so much for your help

  • Like 1

  

6 hours ago, Superman ABD said:

And please tell the way to remove AVADDON from my pc permanently.

Removing malware can be done using antivirus software, which can be downloaded free of charge and used to run a scan in real time. If you are already on the Emsisoft company forum, then the logical action would be to download the Emsisoft software and check the system or all drives that are connected. Test results can be added to the message and Emsisoft specialists will help with the analysis of the results.

 

  • Thanks 1

14 hours ago, Priskila said:

Btw, can you tell me how long it takes for the decryption specialists to figure out how to decrypt avdn files? Because I urgently need my files.

I am waiting for the verification results. I have provided samples of files and malware, it remains to wait and hope. It is worse when they immediately say that "decoding by our forces is impossible."

  • Thanks 2

12 hours ago, Amigo-A said:

  

Removing malware can be done using antivirus software, which can be downloaded free of charge and used to run a scan in real time. If you are already on the Emsisoft company forum, then the logical action would be to download the Emsisoft software and check the system or all drives that are connected. Test results can be added to the message and Emsisoft specialists will help with the analysis of the results.

 

Thanks a lot for your great help sir.

You are one of the true AVENGERS who save the real world from ransomware and malware.

I use your Antivirus sir.

And please, I kindly request you to create a 100% successful way to decrypt Avaddon infected files.

There are many important files there. I spent a lot of time to create them, but in a few seconds that ransomware has spoiled my work.

Please sir please...I'm waiting for your answer.

  • Like 1

16 hours ago, Amigo-A said:

I am waiting for the verification results. I have provided samples of files and malware, it remains to wait and hope. It is worse when they immediately say that "decoding by our forces is impossible."

Sir, thank you very very much for following up.

I have a question, is it possible to find a clue or a key for decryption from the avaddon virus file? 


Specialists of several companies (Emsisoft, DrWeb) are working on decryption of files that are encrypted by Avaddon.
There are currently no decryptors and no successful decryption methods without paying a ransom.

  • Thanks 2

5 hours ago, Amigo-A said:

Specialists of several companies (Emsisoft, DrWeb) are working on decryption of files that are encrypted by Avaddon.
There are currently no decryptors and no successful decryption methods without paying a ransom.

Dear Amigo-A sir/madam, I'm going to format my AVADDON infected pc totally and upgrade my windows.

So can I move and keep my most important AVADDON infected files on any flash or external hard drive?

After you create an AVADDON decrypter, can I decrypt my AVADDON infected files that were moved to flash?

Are there any problems decrypting infected files which were moved from the infected PC to another device (flash, external hard drive)?

Can I move my important AVADDON infected files from the infected PC? Please answer....


11 hours ago, Amigo-A said:

@Superman ABD

Usually yes, you need to move all encrypted files and a ransom note to another disk, because it contains a unique code.
In this case, I can’t say for sure, because I have not yet received results.

Most likely, you can move files and reinstall the system.

Sir! Can I keep other files (non ransomware affected files) on the same flash drive?

Are there any problems in this method?


Don't reinstall Windows until we know for certain what is needed to decrypt files. If there is something other than what's contained in the encrypted files and the ransom notes that's necessary for decryption, then you could wipe that out by reinstalling Windows, thus making it impossible to decrypt your files.

For now just rely on Anti-Virus software to clean up the system. If you're not certain if it's clean, then let us know, and we can assist you.

  • Thanks 2
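
The advice given so far in this thread (keep the encrypted files and the ransom note, unchanged, on another disk) can be carried out with a short script. This is an added example, not code from any poster, Emsisoft or Dr.Web; the ransom-note name pattern and the source and destination paths are assumptions, and the destination is assumed to be a different drive from the source.

```python
import csv
import hashlib
import shutil
from pathlib import Path

ENCRYPTED_EXT = ".avdn"        # extension named in this thread
NOTE_PATTERNS = ("*readme*",)  # ASSUMPTION: placeholder ransom-note name pattern


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def preserve(source, dest, note_patterns=NOTE_PATTERNS):
    """Copy encrypted files and ransom notes from source to dest unchanged.

    Returns manifest rows (kind, relative path, size, sha256) and writes them
    to dest/manifest.csv. Raises if a copy does not match its original.
    """
    source, dest = Path(source), Path(dest)
    rows = []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        if path.suffix.lower() == ENCRYPTED_EXT:
            kind = "encrypted"
        elif any(path.match(pat) for pat in note_patterns):
            kind = "note"
        else:
            continue  # unrelated files are left where they are
        rel = path.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 also keeps the timestamps
        before, after = sha256_of(path), sha256_of(target)
        if before != after:
            raise OSError(f"copy of {rel} does not match the original")
        rows.append((kind, rel.as_posix(), path.stat().st_size, before))
    dest.mkdir(parents=True, exist_ok=True)
    with open(dest / "manifest.csv", "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(("kind", "path", "size", "sha256"))
        writer.writerows(rows)
    return rows
```

The manifest lets you confirm later, before submitting files to a decryption service, that nothing on the external drive has changed since the copy.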

9 hours ago, GT500 said:

Don't reinstall Windows until we know for certain what is needed to decrypt files. If there is something other than what's contained in the encrypted files and the ransom notes that's necessary for decryption, then you could wipe that out by reinstalling Windows, thus making it impossible to decrypt your files.

For now just rely on Anti-Virus software to clean up the system. If you're not certain if it's clean, then let us know, and we can assist you.

@GT500

But my important files are on other local disks, not on C.

So if I reinstall Windows, that will not affect my encrypted files which are on other local disks, isn't it sir?

And I already use your antivirus. What if this antivirus wiped the other things which are needed for decryption? What can I do sir?


I did not have time to add this yesterday.

Avaddon ransomware and its operators do not care about decrypting files after paying the ransom. Most likely, they will receive a day and hide. This has already happened to those who paid the ransom. They received neither a decryptor nor any feedback. The page that should automatically propose this turned out to be inoperative - error 404.
This may be a temporary technical problem, but any such incident means that the extortionist will spit about your files. They need money, money, and again money.

Be careful! Do not let yourself be fooled!

  • Like 1

5 hours ago, Amigo-A said:

I did not have time to add this yesterday.

Avaddon ransomware and its operators do not care about decrypting files after paying the ransom. Most likely, they will receive a day and hide. This has already happened to those who paid the ransom. They received neither a decryptor nor any feedback. The page that should automatically propose this turned out to be inoperative - error 404.
This may be a temporary technical problem, but any such incident means that the extortionist will spit about your files. They need money, money, and again money.

Be careful! Do not let yourself be fooled!

Ok, thank you sir. I always trust you, and I'm waiting only for your AVADDON decrypter. I never trust them.

Please consider my request.

Shall I reinstall Windows or not? Because until AVADDON affected my PC, I used Windows 7 Professional. Now it has expired and is not secure, so I'm going to upgrade to 10.

Are there any problems for my important ransomware affected files if I upgrade my Windows? Please sir ...answer.

Should I keep those files in same pc with same windows or can I move them to another disk?

  • Like 1

On 6/25/2020 at 3:31 AM, Superman ABD said:

But my important files are on other local disks, not on C.

The ransomware doesn't need to put important information on the same hard drive/partition as the files it encrypted. This is why I recommend waiting to reinstall Windows.

  • Like 1
  • Thanks 1

1 hour ago, GT500 said:

The ransomware doesn't need to put important information on the same hard drive/partition as the files it encrypted. This is why I recommend waiting to reinstall Windows.

Ok sir, I'm waiting for you.

But can you let me know about your results in decryption of AVADDON infected files?

Did you get any positive results in decryption of AVADDON files?


9 hours ago, Amigo-A said:

Hello. Information was sent to virus monitoring team, please, wait for reply. 

I received such a message from Dr.Web specialists. They are working on decryption.

Sir, how do I find out whether my AVADDON ID is online or offline?

My AVADDON ID ends with " 0= ". Is it an online or offline ID, sir?


The ID is in the ransom note. It is not divided into online and offline, as is done in 'STOP Ransomware'.

At this point in time there have been no public research results yet. Or I haven’t seen them yet.

Decryption without an original decryptor and private keys is a rather time-consuming process. Here you or we can’t somehow speed up the process or push decryption specialists. They will do everything they can and even more. You and we just need to wait for the results.

  • Thanks 1

5 hours ago, Superman ABD said:

My AVADDON ID ends with " 0= ". Is it an online or offline ID, sir?

The Online/offline ID thing only applies to the STOP/Djvu ransomware, as it uses pre-programmed credentials to encrypt files when it can't connect to its command and control servers so that the criminals can try to maximize their illicit income from victims paying the ransom.

  • Like 1

1 hour ago, GT500 said:

The Online/offline ID thing only applies to the STOP/Djvu ransomware

For reference:
Previously, this method was still in CryptoMix Ransomware and some other ransomware. In the same way, it was possible to decrypt files encrypted offline with keys if the PC was disconnected from the Internet or the ransomware server was inaccessible. 

  • Thanks 1

In regards to reinstalling Windows, we haven't found anything that would suggest you shouldn't do it, however it would be best to wait for Dr. Web to finish their analysis as well just in case they find a reason why reinstalling Windows would be bad.

  • Thanks 1

20 hours ago, Superman ABD said:

Can't I decrypt my very very important files anymore?

That's what it looks like, however we recommend waiting for Dr. Web to complete their analysis just in case there was something we overlooked.

  • Sad 2

1 hour ago, GT500 said:

That's what it looks like, however we recommend waiting for Dr. Web to complete their analysis just in case there was something we overlooked.

Ok sir. As soon as you get the results from Dr.Web, please inform us here sir.

All of us are expecting positive results. Please sir....


On 6/28/2020 at 1:38 PM, GT500 said:

That's what it looks like, however we recommend waiting for Dr. Web to complete their analysis just in case there was something we overlooked.

Sir, did you get any good news from Dr.Web about decrypting Avaddon files? Please sir, we are eagerly waiting for your answer sir.


For files that received the .avdn extension after encryption, I provided 2 different samples of the encryptor to DrWeb.
In the newer version, files already receive 'random' extensions. These are other samples of the encryptor. Most likely, newer ones will cardinally differ from earlier ones.

I contact Dr.Web specialists as a usual user. But I collect and provide all available information, encryptor samples and everything else that is needed.

Main link:  https://legal.drweb.com/encoder/?lng=en  Support works in 10 languages. 

Anyone can order a test decryption by providing:
- 5 different encrypted files and unencrypted original files;
- an original unedited ransom note.
No need to change anything in the files. 

If the victim has not previously used DrWeb products and there was no active DrWeb protection on his PC when the files were encrypted, then after a successful tested decrypt, you will need to purchase the Rescue Package for 150 euros. Support specialists will tell you what needs to be done.

 

  • Thanks 1

56 minutes ago, Amigo-A said:

If the victim has not previously used DrWeb products and there was no active DrWeb protection on his PC when the files were encrypted, then after a successful tested decrypt, you will need to purchase the Rescue Package for 150 euros. Support specialists will tell you what needs to be done.

 

Sir, is this purchase an essential one?

Because I already purchased another antivirus after the attack and it has a long time to expire.

Won't they release the decryptor only?


1 hour ago, Amigo-A said:

 

Anyone can order a test decryption by providing:
- 5 different encrypted files and unencrypted original files;
- an original unedited ransom note.
No need to change anything in the files. 

 

Sir, I have no unencrypted original files, because all of my files have been encrypted by AVADDON.

What can I do sir?


17 hours ago, Superman ABD said:

Sir, is this purchase an essential one?

Because I already purchased another antivirus after the attack and it has a long time to expire.

Won't they release the decryptor only?

Dr. Web does not release free decrypters. Their ransomware decryption service is strictly a paid service, however they will at least let you know if your files can be decrypted before they require you to pay anything.

 

17 hours ago, Superman ABD said:

Sir, I have no unencrypted original files, because all of my files have been encrypted by AVADDON.

What can I do sir?

If they do require a file pair, then you'll need to find one. Try to remember if you ever sent any files to others (via e-mail, file sharing services, etc) or if you ever saved them to any kind of external media (CD's, DVD's, USB flash drives, etc).

  • Thanks 1

DrWeb has been producing free decoders for many years, and was the first to start doing it. It continues to do free decryption for its licensed users around the world.
Test decryption is done for free. It is better, than paying first, and then saying that decryption is impossible. 
I made a request — separately the decryption service is not provided. Only within the scope of 'Rescue Package'. 
Now more computing power is required to provide a decryption service, therefore it cannot be absolutely free to all affected users.

  • Like 1

Necessary requirements are indicated on the page https://legal.drweb.com/encoder/?lng=en and in the form of sending files, they can be attached to the message.
For different decryption, different elements may be needed. File pairs may not be needed if there is an encoder file that was found. But what will happen in each case, I do not know.

You can try to send only encrypted files and a note with ID.
The encoder name in the DrWeb database is Trojan.DownLoader33.50335, Trojan.DownLoader33.59028 
SHA-256: 05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2 
SHA-256: fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6

But you can only specify a link to the article. It has both earlier and newer Avaddon Ransomware samples.

 

  • Thanks 1

12 hours ago, Amigo-A said:

Necessary requirements are indicated on the page https://legal.drweb.com/encoder/?lng=en and in the form of sending files, they can be attached to the message.
For different decryption, different elements may be needed. File pairs may not be needed if there is an encoder file that was found. But what will happen in each case, I do not know.

You can try to send only encrypted files and a note with ID.
The encoder name in the DrWeb database is Trojan.DownLoader33.50335, Trojan.DownLoader33.59028 
SHA-256: 05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2 
SHA-256: fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6

But you can only specify a link to the article. It has both earlier and newer Avaddon Ransomware samples.

 

Sir, I sent a request to this page https://legal.drweb.com/encoder/?lng=en and attached my encrypted files which got infected by Avaddon, but they said that the files got encrypted by 'Medusalocker' and cannot be decrypted, whereas my files have the '.avdn' extension.

What's the problem? I can not decrypt my files? 

Thank you in advance


8 hours ago, Blkrt said:

Sir, I sent a request to this page https://legal.drweb.com/encoder/?lng=en and attached my encrypted files which got infected by Avaddon, but they said that the files got encrypted by 'Medusalocker' and cannot be decrypted, whereas my files have the '.avdn' extension.

What's the problem? I can not decrypt my files? 

Thank you in advance

It's possible your files were encrypted by one ransomware, and then encrypted by another as well. We wouldn't be able to tell for certain without seeing an encrypted file and a copy of the ransom note.

  • Like 1

2 hours ago, GT500 said:

It's possible your files were encrypted by one ransomware, and then encrypted by another as well. We wouldn't be able to tell for certain without seeing an encrypted file and a copy of the ransom note.

Sir, how can I specify that my files were encrypted by one or two ransomware?

Is it possible to decrypt them?


This topic is now closed to further replies.