Ransomware Report

You can check the latest ransomware information.

  • Registration date

    [Avaddon(3) ransomware]

    [Virus/malware activity reported: Avaddon(3) ransomware]

    An infringement incident presumed to be a form of Avaddon(3) ransomware has occurred, and
    we would like to confirm the situation and provide a warning as follows.

    Avaddon(3) ransomware

    The ransomware is called Avaddon(3) and has an encrypted name. It appears that all files are being changed with the extension CBbdcAAcEa.

    How it works

    file version

    [Figure 1 File version]

    [Figure 2 File properties]

    behavioral process

    • Windows error recovery notification window and recovery mode

      Considering that exceptions may occur while ransomware is running in the background, stop the error recovery notification window output function and disable Windows recovery mode.

      [Figure 3 Windows error recovery notification window and recovery mode]

    • UAC permission settings

      To ensure smooth operation, disable UAC so that the permission request notification window does not appear. Additionally, make sure UAC is disabled.

      [Figure 4 UAC permission settings]

      [Figure 5 UAC permission settings]

    • Deleting shadow copies

      After encryption, shadow copies are deleted to make it difficult for users to recover files.

      [Figure 6 Deleting shadow copies]

    Infection results

    The information file is created in each folder with the name private key_readme_.txt, and when encryption is performed, <encrypted name. The files are changed to CBbdcAAcEa>.

    [Figure 7 Infection result 1]

    [Figure 8 Infection result 2]

    White Defender compatible

    It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

    [Figure 9 Block message]

    [Figure 10 Block message]

    [Figure 11 Block message]

    Watch Avaddon(3) blocking video

    Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981
    Copyright ⓒEveryzone , Inc. All Rights Reserved.|