Jump to content

Urgently Needed! Avaddon ransomware (.avdn)


Recommended Posts

1 hour ago, Amigo-A said:

In the sample, that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in the another sample that adds a 'random' extension to encrypted files, but this piece is not base. He is well defined by antivirus engines as Avaddon Ransomware.

Thank you for your response, I checked the links and it's surely encrypted by avaddon ransomware.

Sir, is there any positive result for decrypting .avdn file? 

Link to comment
Share on other sites

On 7/3/2020 at 10:42 AM, GT500 said:

Dr. Web does not release free decrypters. Their ransomware decryption service is strictly a paid service, however they will at least let you know if your files can be decrypted before they require you to pay anything.

 

If they do require a file pair, then you'll need to find one. Try to remember if you ever sent any files to others (via e-mail, file sharing services, etc) or if you ever saved them to any kind of external media (CD's, DVD's, USB flash drives, etc).

Ok sir I will try your idea.thanks for that.

But won't you release the AVADDON decrypter in your website sir?

It will be very helpful to all. Won't you sir?

Link to comment
Share on other sites

8 hours ago, Amigo-A said:

12 days have passed since I sent the files and samples. No news yet. I check e-mail every day.

 

When you get the reply from them please post here sir.we are waiting for that sir please..

The encoder name in the DrWeb database is Trojan.DownLoader33.50335, Trojan.DownLoader33.59028 
SHA-256: 05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2 
SHA-256: fa4626e2c5984d7868a685c5102530bd8260d0b31ef06d2ce2da7636da48d2d6

Dear Amigo-A sir, what are these names?

What can I do with it sir?

Link to comment
Share on other sites

6 hours ago, Superman ABD said:

What can I do with it sir?

This information may help specialists.

I have added even more samples on my article. We will try to analyze all incoming samples in the hope that something will change.

You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists.

A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you is not enough to decrypt. hi.gif.a08da07cd74140e3358a52e73fa92133.gif

  • Like 2
Link to comment
Share on other sites

2 hours ago, Amigo-A said:

This information may help specialists.

I have added even more samples on my article. We will try to analyze all incoming samples in the hope that something will change.

You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists.

A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you is not enough to decrypt. hi.gif.a08da07cd74140e3358a52e73fa92133.gif
Download Image

One day Your hard work will be helpful  to everyone sir.we support you.

Can I send my decrypted files and note to you sir?

I didn't send them to dr.web yet.before that can I send them to you sir?will you check my AVADDON files are decryptable or not?

  • Like 1
Link to comment
Share on other sites

On 7/5/2020 at 4:49 PM, Superman ABD said:

will you check my AVADDON files are decryptable or not?

I have already looked through a lot of files. I have no way to decrypt them. Extortionists has changed encryption. 

You need to send to Dr Web files. They will let you know when files can be decrypted. It may happen in the future. They re-open the ticket and report by email. It is important not to drop email. There will be no other means of communication.

  • Thanks 1
Link to comment
Share on other sites

On 7/4/2020 at 10:36 PM, Superman ABD said:

But won't you release the AVADDON decrypter in your website sir?

Our analysts believe the ransomware is secure, and that we will not be able to make a decrypter for it.

  • Like 1
Link to comment
Share on other sites

12 minutes ago, Blkrt said:

Sir, is there any possibility that the decrypter will be maked in the future?

In theory it's possible. If private keys are released that be can use to decrypt files, or if someone finds a vulnerability in the way the ransomware encrypts files.

  • Thanks 2
Link to comment
Share on other sites

On 7/6/2020 at 7:44 PM, Amigo-A said:

I have already looked through a lot of files. I have no way to decrypt them. Extortionists has changed encryption. 

You need to send to Dr Web files. They will let you know when files can be decrypted. It may happen in the future. They re-open the ticket and report by email. It is important not to drop email. There will be no other means of communication.

Sir. I have checked my avaddon files in Dr.web.they said decryption is not possible.

Now what should I do sir? Shall I save my important infected files for future?

In future, will decryption be possible 100%? 

How long time it will take to find a decrypter? Sir .

Link to comment
Share on other sites

13 hours ago, Superman ABD said:

Shall I save my important infected files for future?

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

 

13 hours ago, Superman ABD said:

In future, will decryption be possible 100%?

There is no way to know for certain, however it is theoretically possible that someone may be able to obtain private keys for decryption.

 

13 hours ago, Superman ABD said:

How long time it will take to find a decrypter?

Unfortunately it isn't possible to know if or when that may happen.

  • Thanks 2
Link to comment
Share on other sites

10 hours ago, GT500 said:

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
https://www.bleepingcomputer.com/

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
https://www.bleepingcomputer.com/feed/

 

There is no way to know for certain, however it is theoretically possible that someone may be able to obtain private keys for decryption.

 

Unfortunately it isn't possible to know if or when that may happen.

Ok sir.thank you. I'm waiting for that sir.if you find decrypter please inform here sir.i always connect with your support service .

Link to comment
Share on other sites

13 hours ago, Superman ABD said:

Ok sir.thank you. I'm waiting for that sir.if you find decrypter please inform here sir.i always connect with your support service .

I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

On 7/11/2020 at 10:35 AM, GT500 said:

I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.

Ok thank you sir. But I have a doubt.when ransomware affected my pc I used windows 7.but in windows 10 that OS security already has ransomware protection.

So my question is, is this protection enough to protect from all ransomware?

Do we need additional ransomware protection?

 

Link to comment
Share on other sites

7 hours ago, Superman ABD said:

So my question is, is this protection enough to protect from all ransomware?

Do we need additional ransomware protection?

We don't generally recommend relying on free protection, or protection built in to the Operating System.

You can try our Emsisoft Anti-Malware if you'd like, or another Anti-Virus software, but we do recommend paid protection over free protection.

  • Thanks 1
Link to comment
Share on other sites

12 hours ago, GT500 said:

We don't generally recommend relying on free protection, or protection built in to the Operating System.

You can try our Emsisoft Anti-Malware if you'd like, or another Anti-Virus software, but we do recommend paid protection over free protection.

Ok thank you sir.thanks for your help.i will try emsisoft anti malware sir.thankyou

  • Upvote 1
Link to comment
Share on other sites

  • 4 weeks later...
  • 9 months later...

For all 

To the attention of victims of this ransomware. If you have subscribed to this topic or follow the news... there is good news. 
Emsisoft obtained the decryption keys and made a decryptor that works with these keys.
It is possible that your decryption key is among them.
Download and run the Emsisoft Decryptor for Avaddon.
https://www.emsisoft.com/ransomware-decryption-tools/avaddon

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...