ACSC warns of rising Avaddon ransomware attacks


By Dylan Bushell-Embling
Tuesday, 11 May, 2021

ACSC warns of rising Avaddon ransomware attacks

The Australian Cyber Security Centre (ACSC) has warned of ongoing ransomware campaigns targeting multiple Australian organisations.

The Avaddon ransomware-as-a-service campaign is actively targeting the government, academia and numerous commercial sectors, the ACSC warned in an advisory.

The malware is primarily spread using phishing and malicious email spam campaigns to deliver malicious JavaScript files, the ACSC said.

Other characteristics of the campaigns involving the ransomware variant include using ‘double extortion’ techniques as coercion and further pressure to pay a ransom including threatening to leak the victim’s data if a ransom is not paid, as well as threatening DDoS attacks against victims.

Once installed on a compromised system, Avaddon ransomware has a wide range of capabilities including capturing keystrokes, payment card data and system network information; creating, copying and deleting files; reading and writing memory; starting or stopping services; and gaining persistence via a Windows registry Run key.

Avaddon threat actors demand ransom payment via Bitcoin, with an average demand of around 0.73 bitcoin — amounting to around US$40,000 ($51,000).

To mitigate the risk of compromise, the ACSC is urging organisations to keep operating systems and applications up to date, scan emails and attachments for malware, and maintain offline, encrypted backups of data.

Training processes should be implemented to identify phishing and externally sourced emails, and backups should be regularly tested and kept offline or in separated networks, the ACSC said.

Image credit: ©stock.adobe.com/au/Lasha Kilasonia

Originally published here.

Related News

GenAI 'grey bots' scraping data from websites

Research from Barracuda has highlighted the issue of morally and legally ambiguous 'grey...

Tanium partners with DXC on endpoint management

Tanium has secured a partnership agreement with DXC that will leverage the company's...

Surge in GenAI data uploads increasing unintentional cyber risk: report

Without proper data security controls, GenAI can turn employees into unintentional...


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd