Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Avaddon Ransomware’s Exit Sheds Light on Victim Landscape

Avaddon Ransomware’s Exit Sheds Light on Victim Landscape

A new report analyzes the recently released Avaddon ransomware decryption keys to shed light on the types of victims targeted by the threat actors and potential revenue they generated throughout their operation.

On June 11th, the Avaddon ransomware gang decided to shut down their operation. As part of the shutdown, the ransomware gang anonymously shared their victims’ decryption keys with BleepingComputer.

Using these keys, Emsisoft created a decryptor that allows victims to recover their files for free.

These decryption keys were released as two text files where each victim contained a numeric ID and two base64 encoded cryptographic keys that could decrypt a victim’s files.

For many of these keys, the ransomware gang also included an identifier of some sort that could be a Windows domain, the logged-in user’s name, or some other identifier.

Example base64 encoded keys with identifier redacted

While some of these IDs reveal significant cyberattacks against previously unknown corporate targets, BleepingComputer does not intend to report on these victims.

Data sheds light on Avaddon’s targets

After analyzing the unique identifiers attached to the Avaddon decryption keys, cybersecurity firm Advanced Intel has released anonymous details about the victims targeted by the ransomware group.

“Today we shed light on this lost and hidden criminal empire using unique datasets – the full list of Avaddon victims ever targeted by the group over the year of its existence,” says Advanced Intel’s report.

Of the victims targeted by Avaddon, most organizations resided in the USA, followed by Canada, and then the rest of the world. As noted by the map, there were no known victims in Russia or other CIS countries, as is typical for ransomware gangs.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

Avaddon ransomware victims by country

The top three industries targeted by Avaddon were Retail (12.5%), Manufacturing (12.2%), and (6.3%), and Finance (7.5%). However, Avaddon targetted a wide range of companies, and while the threat actors targeted some industries more than others, these were likely still opportunistic attacks.

Avaddon victims by industry

Finally, using the list of known victims, Advanced Intel grouped them by their yearly revenue, showing that over 50% earned income below $10 million.

Avaddon victims by revenue

On average, Avaddon’s victims’ revenue are:

  • $13 Million USD for small businesses
  • $287 Million USD for medium-sized victims
  • $3.7 Billion USD for larger businesses

An Advanced Intel source states that Avaddon uses a “5×5” rule when determining ransom demands.

“The most common calculation which according to our sensitive and credible source intelligence as used by Avaddon was a so-called “5×5” rule when 5% of the annual revenue is used to start the negotiations, with annual revenue estimated as one-fifth of the total revenue,” explained the report.

Also Read: How to Comply with PDPA: A Checklist for Businesses

“In other words, for a victim which has a total revenue of $7 Million USD, the starting ransom price will be $70,000 USD. Typically, Avaddon dropped the price during the bargaining, and the end ransom was around $50,000 USD for a successful operation.”

Using this information and internal intelligence based on known victims, Advanced Intel believes that Avaddon’s total earnings are of approximately $87 million.

“Feedback from the top-tier underground community members who reportedly worked with Avaddon, as well as other collections from the DarkWeb though which we were able to build an approximate patter for each 3d victim paying the ransom,” Advanced Intel’s Yelisey Boguslavskiy told BleepingComputer.

“This pattern correlated with our experience of engaging in mitigation of ransomware incidents.”

It is not clear why Avaddon shut down its operation, but it is believed to be due to the increased pressure exerted by the US government and law enforcement.

While ransomware has been a problem since 2012, it has not been until the past two years that law enforcement has successfully disrupted these operations.

This disruption has been successful as it targets the affiliates, infrastructure, and payments rather than the ransomware operation’s core developers.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us