- Federal threat alerts detailing the ongoing Russian-backed and Avaddon ransomware campaigns have been issued.
- The FBI has warned that the new computer virus targets global entities, especially healthcare entities and COVID-19 vaccine developers.
Many federal agencies, including the Federal Bureau of Investigation (FBI) in the United States of America (USA) and the Australian Cyber Security Center (ACSC), have released insights on ongoing cyber campaigns led by Avaddon ransomware and Russian hackers that are targeting a range of global private sector entities, especially those in the healthcare sector and COVID-19 vaccine developers. The alerts on Avaddon issued by federal agencies warn that the people behind this ransomware are actively leveraging phishing campaigns and hacking many servers that support IT infrastructure in the healthcare sector, with double extortion attempts.
Russian hackers have also been observed using the victim’s geolocation and computer system language to determine whether or not to attack the victim’s system. Avaddon was first spotted in February 2019. It is offered under a Ransomware-as-a-Service (RaaS) model. RaaS allows affiliate cyber criminals to leverage the ransomware for their desired means, as long as a portion of the profits is returned to the Avaddon developers.
Many cyber criminals, who may or may not have been among the developers of Avaddon, have successfully exploited many healthcare entities and posted data allegedly stolen from their victims. Their victims include Capital Medical Center in Washington, Intensive Care Online Network (ICON), and Bridgeway Senior Healthcare in New Jersey.
When opened, the attachment included in the phishing email downloads Avaddon using PowerShell. Once Avaddon runs, it displays the ransom message and later demands a US $800 payment in bitcoin via Tor.
The FBI noted that cyber criminals were threatening victims with Distributed Denial of Service (DDoS) attacks in addition to traditional encryption methods. ACSC noted that the attackers had a strong presence on dark web cybercriminal forums. The RaaS variant was featured on multiple high-tier cybercrime forums. The typical ransom demand asked for bitcoin valued at approximately AUS $40,000 on average.