Priskila

Urgently Needed! Avaddon ransomware (.avdn)


17 hours ago, Blkrt said:

but they said that files got encrypted by 'Medusalocker' and cannot decrypt

DrWeb support usually does not use the international names of ransomware.

  • Like 1
  • Thanks 1


In the sample that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in another sample that adds a 'random' extension to encrypted files, but this piece is not the base. It is well defined by antivirus engines as Avaddon Ransomware.

  • Like 1
  • Thanks 1

1 hour ago, Amigo-A said:

In the sample that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in another sample that adds a 'random' extension to encrypted files, but this piece is not the base. It is well defined by antivirus engines as Avaddon Ransomware.

Thank you for your response. I checked the links and it's surely encrypted by Avaddon ransomware.

Sir, is there any positive result for decrypting .avdn files?


12 days have passed since I sent the files and samples. No news yet. I check e-mail every day.

Quote

Hello. Information was sent to the virus monitoring team, please wait for a reply.

 

  • Thanks 1
  • Sad 1

58 minutes ago, Amigo-A said:

12 days have passed since I sent the files and samples. No news yet. I check e-mail every day.

 

Thank you very very much for following up sir.

On 7/3/2020 at 10:42 AM, GT500 said:

Dr. Web does not release free decrypters. Their ransomware decryption service is strictly a paid service, however they will at least let you know if your files can be decrypted before they require you to pay anything.

 

If they do require a file pair, then you'll need to find one. Try to remember if you ever sent any files to others (via e-mail, file sharing services, etc) or if you ever saved them to any kind of external media (CD's, DVD's, USB flash drives, etc).

Ok sir, I will try your idea. Thanks for that.

But won't you release the AVADDON decrypter on your website, sir?

It will be very helpful to all. Won't you sir?

8 hours ago, Amigo-A said:

12 days have passed since I sent the files and samples. No news yet. I check e-mail every day.

 

When you get the reply from them, please post here, sir. We are waiting for that, sir, please.

The encoder name in the DrWeb database is Trojan.DownLoader33.50335, Trojan.DownLoader33.59028 
SHA-256: 05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2 
SHA-256: fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6

Dear Amigo-A sir, what are these names?

What can I do with it sir?

6 hours ago, Superman ABD said:

What can I do with it sir?

This information may help specialists.

I have added even more samples to my article. We will try to analyze all incoming samples in the hope that something will change.

You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists.

A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you is not enough to decrypt.

  • Like 2

2 hours ago, Amigo-A said:

This information may help specialists.

I have added even more samples to my article. We will try to analyze all incoming samples in the hope that something will change.

You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists.

A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you is not enough to decrypt.

One day your hard work will be helpful to everyone, sir. We support you.

Can I send my decrypted files and note to you, sir?

I didn't send them to Dr.Web yet. Before that, can I send them to you, sir? Will you check whether my AVADDON files are decryptable or not?

  • Like 1

On 7/5/2020 at 4:49 PM, Superman ABD said:

Will you check whether my AVADDON files are decryptable or not?

I have already looked through a lot of files. I have no way to decrypt them. The extortionists have changed the encryption.

You need to send the files to Dr Web. They will let you know when files can be decrypted. It may happen in the future. They re-open the ticket and report by email. It is important not to drop the email. There will be no other means of communication.

  • Thanks 1

On 7/4/2020 at 10:36 PM, Superman ABD said:

But won't you release the AVADDON decrypter on your website, sir?

Our analysts believe the ransomware is secure, and that we will not be able to make a decrypter for it.

  • Like 1

1 hour ago, GT500 said:

Our analysts believe the ransomware is secure, and that we will not be able to make a decrypter for it.

Sir, is there any possibility that the decrypter will be made in the future?

  • Like 1

12 minutes ago, Blkrt said:

Sir, is there any possibility that the decrypter will be made in the future?

In theory it's possible, if private keys are released that can be used to decrypt files, or if someone finds a vulnerability in the way the ransomware encrypts files.

  • Thanks 2

On 7/6/2020 at 7:44 PM, Amigo-A said:

I have already looked through a lot of files. I have no way to decrypt them. The extortionists have changed the encryption.

You need to send the files to Dr Web. They will let you know when files can be decrypted. It may happen in the future. They re-open the ticket and report by email. It is important not to drop the email. There will be no other means of communication.

Sir, I have checked my Avaddon files with Dr.Web. They said decryption is not possible.

Now what should I do, sir? Shall I save my important infected files for the future?

In future, will decryption be possible 100%?

How long will it take to find a decrypter, sir?

13 hours ago, Superman ABD said:

Shall I save my important infected files for future?

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

 

13 hours ago, Superman ABD said:

In future, will decryption be possible 100%?

There is no way to know for certain, however it is theoretically possible that someone may be able to obtain private keys for decryption.

 

13 hours ago, Superman ABD said:

How long will it take to find a decrypter?

Unfortunately it isn't possible to know if or when that may happen.

  • Thanks 2
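
An added example (not code from Emsisoft, Dr.Web or any poster in this thread) of the backup advice in the post above: it copies the encrypted files unmodified into an archive folder and writes a SHA-256 manifest so the copies can be checked for corruption before any later decryption attempt. The function names, the manifest file name and the `keep_names` parameter are assumptions; matching on `.avdn` is also an assumption, and the ransom note's file name must be supplied by the caller because it does not appear in the thread.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.sha256.json"  # assumed name for the integrity manifest


def sha256_file(path: Path) -> str:
    """Hash in chunks so large encrypted files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def archive_encrypted(src: Path, dest: Path, ext=".avdn", keep_names=()) -> dict:
    """Copy matching files to dest unmodified and record each source SHA-256."""
    if src.resolve() in (dest.resolve(), *dest.resolve().parents):
        raise ValueError("archive destination must be outside the scanned tree")
    keep = {n.lower() for n in keep_names}  # e.g. the ransom note's file name
    manifest = {}
    dest.mkdir(parents=True, exist_ok=True)
    for p in sorted(src.rglob("*")):
        name = p.name.lower()
        if not p.is_file() or not (name.endswith(ext.lower()) or name in keep):
            continue
        target = dest / p.relative_to(src)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)  # byte-for-byte copy, timestamps preserved
        manifest[p.relative_to(src).as_posix()] = sha256_file(p)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_archive(dest: Path) -> list:
    """Return relative paths that are missing or no longer match the manifest."""
    manifest = json.loads((dest / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if not (dest / rel).is_file() or sha256_file(dest / rel) != digest]


if __name__ == "__main__":  # demo on a constructed tree, not real data
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "docs").mkdir()
        (Path(tmp) / "docs" / "a.docx.avdn").write_bytes(b"constructed bytes")
        archive_encrypted(Path(tmp) / "docs", Path(tmp) / "backup")
        print(verify_archive(Path(tmp) / "backup"))
```

Run `verify_archive` right after copying and again whenever the archive is moved to new media; an empty list means every copy still matches the hash taken from the original encrypted file.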

Share on other sites
10 hours ago, GT500 said:

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

 

There is no way to know for certain, however it is theoretically possible that someone may be able to obtain private keys for decryption.

 

Unfortunately it isn't possible to know if or when that may happen.

Ok sir, thank you. I'm waiting for that, sir. If you find a decrypter, please inform us here, sir. I always connect with your support service.

13 hours ago, Superman ABD said:

Ok sir, thank you. I'm waiting for that, sir. If you find a decrypter, please inform us here, sir. I always connect with your support service.

I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.

  • Like 1
  • Thanks 1

On 7/11/2020 at 10:35 AM, GT500 said:

I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.

Ok, thank you sir. But I have a doubt. When ransomware affected my PC I used Windows 7, but in Windows 10 the OS security already has ransomware protection.

So my question is, is this protection enough to protect from all ransomware?

Do we need additional ransomware protection?

 

7 hours ago, Superman ABD said:

So my question is, is this protection enough to protect from all ransomware?

Do we need additional ransomware protection?

We don't generally recommend relying on free protection, or protection built in to the Operating System.

You can try our Emsisoft Anti-Malware if you'd like, or another Anti-Virus software, but we do recommend paid protection over free protection.

  • Thanks 1

12 hours ago, GT500 said:

We don't generally recommend relying on free protection, or protection built in to the Operating System.

You can try our Emsisoft Anti-Malware if you'd like, or another Anti-Virus software, but we do recommend paid protection over free protection.

Ok, thank you sir. Thanks for your help. I will try Emsisoft Anti-Malware, sir. Thank you.

  • Upvote 1
