The information security company ESET detected a high activity of a new ransomware in the market, including with a strong presence in Brazil and other countries in Latin America.
This is Avaddon, a scam that is actually ransomware as a service (RaaS). This type of threat is a kind of ready-made kit that is developed by a more experienced cybercriminal and can be marketed to other groups that want to attack specific systems, perhaps by making small customizations to the original code.
Avaddon was first detected in June 2020 and this year alone it has already killed at least five systems in Brazil, Peru, Chile and Costa Rica, in addition to another 27 in the United States and regions of Europe.
The main targets so far have been government agencies and companies of all sizes, especially in the health and telecommunications sectors.
The attacks follow the classic ransomware primer: the infection happens after a computer installs a fake attachment in ZIP format, and the victim must fall into a phishing or social engineering scam.
The affected system has all the files on the computer “hijacked” and encrypted, released upon payment of a ransom.
As not making the payment is the most recommended attitude in the case of a ransomware, since there are no guarantees of return of the files and serves as a stimulus for it to continue in progress, Avaddon has a way of getting revenge.