Avaddon ransomware targeting Australian organisations

The Australian Cyber Security Centre (ACSC) has warned of ongoing ransomware campaigns targeting multiple Australian organisations.

The Avaddon ransomware-as-a-service campaign is actively targeting the government, academia and numerous commercial sectors, the ACSC warned in an advisory.

The malware is primarily spread using phishing and malicious email spam campaigns to deliver malicious JavaScript files, the ACSC said.

Other characteristics of the campaigns involving the ransomware variant include using ‘double extortion’ techniques as coercion and further pressure to pay a ransom including threatening to leak the victim’s data if a ransom is not paid, as well as threatening DDoS attacks against victims.

Once installed on a compromised system, Avaddon ransomware has a wide range of capabilities including capturing keystrokes, payment card data and system network information; creating, copying and deleting files; reading and writing memory; starting or stopping services; and gaining persistence via a Windows registry Run key.

Avaddon threat actors demand ransom payment via Bitcoin, with an average demand of around 0.73 bitcoin — amounting to around US$40,000 ($51,000).

To mitigate the risk of compromise, the ACSC is urging organisations to keep operating systems and applications up to date, scan emails and attachments for malware, and maintain offline, encrypted backups of data.

Training processes should be implemented to identify phishing and externally sourced emails, and backups should be regularly tested and kept offline or in separated networks, the ACSC said.

Image credit: ©stock.adobe.com/au/zefart