Avaddon Ransomware Alert

On Wednesday, May 5, 2021, the FBI released an advisory regarding Avaddon ransomware. Threat actors using Avaddon ransomware have compromised targets in a variety of ways. The FBI has received notifications of unidentified cyber actors using Avaddon ransomware against US and foreign private sector companies, manufacturing organizations, and healthcare agencies. Avaddon ransomware actors have compromised victims through remote access login credentials [e.g., remote desktop protocol (RDP) and virtual private network (VPN)] with single-factor authentication, or through improperly configured RDP. After Avaddon actors gain access to a victim’s network, they map the network and identify backups for deletion and/or encryption. You can find additional details about Avaddon ransomware here.

AgileBlue has Indicators of Attack (IOAs) set up to make sure all of our customers can be quickly notified of a potential breach. Our rules surrounding PowerShell commands and rare processes can detect indicators of an Avaddon ransomware attack, and we have implemented an additional IOA, appearing in the AgileBlue SOC Management Portal as “Avaddon Ransomware” on the alert list, to specifically trigger on any indicators of a possible Avaddon breach. Interested in learning more about how AgileBlue can protect your company? Contact us.
