Avaddon Ransomware

Avaddon Ransomware is just a file-encrypting infection, but it certainly appears to be more advanced than some other threats alike. That is because its creator has clearly spent some time in creating a very detailed ransom note. It includes images, questions and answers, buttons, links, text in red, etc. Generally, cybercriminals do not put in that much effort, and they usually drop a simple text file to introduce a black on white message that gives, in most cases, vague instructions. This malware, however, has a dedicated webpage that you can only access using the Tor Browser and a unique ID code. This code is embedded within the ransom note file that is dropped next to the files that the malware encrypts. From what we’ve seen, this code is made up of six numbers. So, do you need to pay attention to the attackers’ message, or should you just remove Avaddon Ransomware? Without a doubt, deleting this malware is important, but paying attention to the message could be dangerous.

Before we discuss the ransom note of Avaddon Ransomware and discuss the removal options available to you, let us ask you where did this malware come from? According to our researchers, this threat is most likely to exploit spam emails, and the sample we tested sent emails with the subject line “Your new photo?” The attached file had a random name and a bouquet of extensions (.jpg.js.zip). More experienced users should realize that this is not a legitimate image file immediately; however, less cautious and inexperienced users might click it without thinking. In reality, it is a JavaScript file that downloads and executes Avaddon Ransomware silently. Once that is done, the infection proceeds to encrypt files, and the “.avdn” extension is appended to all of them. This should make it easy for you to see which documents, photos, and other types of files have been encrypted, but of course, you cannot restore the files by just removing the added extension. Next to these files, the “{ID number}-readme.htm” file should be dropped. If you open it, you are introduced to the first message.

According to this message, Avaddon Ransomware infected your network and encrypted all important files. It also claims that you are supposed to pay money for “Avvadon General Decryptor” if you want to restore the encrypted files. To get more information, you are instructed to download the Tor Browser and then move to avaddonbotrxmuyl.onion. The message also warns that your files would be lost if you attempted to recover them yourself. Well, at the time of research, the infection was not decryptable anyway. If you follow the instructions and move to the website, you are supposed to enter the ID code, and then you can access a message, according to which, you have three days to pay a ransom of 700 US Dollars. After the time elapses, the ransom is meant to double. The message instructs to pay the ransom to a unique Bitcoin Wallet (3M9MkWQTLep4zhYef1YKTV8QPRNZnUfypi), which at the time of research, was still empty. It might seem that you are left with no other choice but to pay the ransom; however, note that you are unlikely to obtain a decryptor and restore the files if you follow cybercriminals’ instructions. It seems that you can escape this situation unscathed only if you have copies of your personal files backed up somewhere outside the infected computer.

According to our researchers, you should be able to delete Avaddon Ransomware manually if you follow the instructions below. Of course, if you are less experienced, you might struggle with the steps that need to be completed. The good news is that you do not need to remove this malware manually. In fact, it is better if you install trusted anti-malware software anyway. This software is built for two things, which are to delete malware and to secure your operating system. So, it can automatically remove Avaddon Ransomware, and it also can reinstate Windows protection to ensure that you do not need to face new threats again. After you are done with this, we hope that you can replace the encrypted files with copies stored in external or virtual backup. If you are not in the habit of backing up files, you have to get into it fast. Always remember that even if you secure your system, there is always a small chance that you could face a new file-encrypting threat again.

Avaddon Ransomware Removal

1. Simultaneously tap Windows and E keys to launch File Explorer.
2. Enter %WINDIR%\System32\Tasks\ into the field at the top.
3. Right-click and Delete the task named update.
4. Enter %APPDATA%\Microsoft\ into the field at the top.
5. Right-click and Delete the file named bjbn.exe (could be random).
6. Simultaneously tap Windows and R keys to launch Run.
7. Enter regedit into the dialog box to access the Registry Editor.
8. In the pane on the left, navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
9. Right-click and Delete the value named update if its value data points to the malicious .exe file in %APPDATA%\Microsoft\.
10. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and repeat step 9.
11. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\.
12. Right-click and Delete the key named update.
13. Exit Registry Editor and then Empty Recycle Bin.
14. Perform a full system scan with the help of a legitimate malware scanner to make sure that no leftovers remain.