On Wednesday, May 5, 2021 the FBI released an advisory regarding Avaddon ransomware. Threat actors using Avaddon ransomware have compromised targets in a variety of ways. The FBI has received notifications of unidentified cyber actors using Avaddon ransomware against US and foreign private sector companies, manufacturing organizations, and healthcare agencies. Avaddon ransomware actors have compromised victims through remote access login credentials [e.g., remote desktop protocol (RDP) and virtual private network (VPN)] protected only by single-factor authentication, or through improperly configured RDP. After Avaddon actors gain access to a victim’s network, they map the network and identify backups for deletion and/or encryption. The FBI advisory contains additional details about Avaddon ransomware.
AgileBlue has Indicators of Attack (IOAs) set up to make sure all of our customers can be quickly notified of a potential breach. Our rules surrounding PowerShell commands and rare processes can detect indicators of an Avaddon ransomware attack, and we have implemented an additional IOA – appearing in the AgileBlue SOC Management Portal as “Avaddon Ransomware” on the alert list – to specifically trigger on any indicators of a possible Avaddon breach. Interested in learning more about how AgileBlue can protect your company? Contact us.
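To make the two detection ideas mentioned above concrete, here is an added example (not AgileBlue's rule logic and not code from the FBI advisory) of a toy detector run over constructed process-creation log lines. It flags "rare" processes (an image observed on fewer hosts than a threshold) and PowerShell invocations that use an encoded command or a hidden window, which are common ways ransomware operators launch tooling quietly. The pipe-delimited log format, the `MIN_HOSTS` threshold and the specific flag strings checked are all assumptions chosen for the illustration; a real deployment would baseline rarity over days of data from an EDR or Sysmon feed.

```python
"""Toy rare-process and suspicious-PowerShell detector (added example).

Assumptions (not from the page): log lines are host|user|image|command_line,
rarity means 'seen on fewer than MIN_HOSTS distinct hosts', and the flag
substrings below are the ones considered suspicious.
"""
from collections import defaultdict

MIN_HOSTS = 2  # assumption: an image seen on fewer hosts than this is "rare"
SUSPICIOUS_PS_FLAGS = ("-encodedcommand", "-enc ", "-w hidden", "-windowstyle hidden")

# Constructed sample log lines (host|user|image|command_line); the encoded
# command value is a placeholder, the UTF-16LE base64 of "ABC".
SAMPLE_LOGS = """\
ws01|alice|C:\\Windows\\explorer.exe|explorer.exe
ws02|bob|C:\\Windows\\explorer.exe|explorer.exe
ws03|carol|C:\\Windows\\explorer.exe|explorer.exe
ws01|alice|C:\\Program Files\\Office\\WINWORD.EXE|WINWORD.EXE /n
ws02|bob|C:\\Program Files\\Office\\WINWORD.EXE|WINWORD.EXE /n
ws01|alice|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe Get-Date
ws07|svc-backup|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -EncodedCommand QQBCAEMA
ws07|svc-backup|C:\\Users\\Public\\upd.exe|upd.exe --run
"""


def parse_logs(text):
    """Parse pipe-delimited lines into event dicts; image is lower-cased for counting."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, user, image, cmdline = line.split("|", 3)
        events.append({"host": host, "user": user, "image": image.lower(), "cmdline": cmdline})
    return events


def rare_processes(events, min_hosts=MIN_HOSTS):
    """Return {image: [hosts]} for images seen on fewer than min_hosts distinct hosts."""
    hosts_by_image = defaultdict(set)
    for ev in events:
        hosts_by_image[ev["image"]].add(ev["host"])
    return {img: sorted(hosts) for img, hosts in hosts_by_image.items() if len(hosts) < min_hosts}


def suspicious_powershell(events):
    """Return (host, user, matched_flags) for powershell.exe runs using suspicious flags."""
    hits = []
    for ev in events:
        if not ev["image"].endswith("powershell.exe"):
            continue
        cmdline = ev["cmdline"].lower()
        matched = [flag for flag in SUSPICIOUS_PS_FLAGS if flag in cmdline]
        if matched:
            hits.append((ev["host"], ev["user"], matched))
    return hits


def run_detections(text):
    """Run both detections and return a flat list of (rule, host, detail) findings."""
    events = parse_logs(text)
    findings = []
    for image, hosts in rare_processes(events).items():
        findings.append(("rare_process", ",".join(hosts), image))
    for host, user, flags in suspicious_powershell(events):
        findings.append(("suspicious_powershell", host, f"{user}: {' '.join(flags)}"))
    return findings


if __name__ == "__main__":
    for rule, host, detail in run_detections(SAMPLE_LOGS):
        print(f"[{rule}] host={host} {detail}")
```

On the constructed sample, only `upd.exe` on `ws07` is rare (PowerShell itself runs on two hosts, so it is not flagged as rare), and the same host's hidden, encoded PowerShell launch trips the second rule; an analyst seeing both findings on one host has a strong reason to look at it before any backup deletion or encryption begins.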