{
	"id": "969c38e5-f1d3-4129-9a2a-4772568a94e8",
	"created_at": "2026-04-06T00:22:15.672845Z",
	"updated_at": "2026-04-10T03:20:31.706074Z",
	"deleted_at": null,
	"sha1_hash": "8b1076fb01ae53c406b7b8e187a5190fe2834ea0",
	"title": "Avaddon ransomware fixes flaw allowing free decryption",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2895310,
	"plain_text": "Avaddon ransomware fixes flaw allowing free decryption\r\nBy Lawrence Abrams\r\nPublished: 2021-02-11 · Archived: 2026-04-05 19:12:45 UTC\r\nThe Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came\r\nto light after a security researcher exploited it to create a decryptor.\r\nOn Tuesday, Javier Yuste, a Ph.D. student at Rey Juan Carlos University, published a decryptor for the Avaddon\r\nRansomware on his GitHub page and released a report describing the flaw through ArXiv.\r\nAccording to Yuste's research, when the Avaddon ransomware encrypts a device, it creates a unique AES256 encryption\r\nsession key used to encrypt and decrypt the files.\r\nA flaw in how the ransomware clears this key, though, allowed Yuste to create a decryptor that retrieves the key from\r\nmemory as long as the computer has not been shut down since being encrypted.\r\nRansomware dev fixes encryption flaw\r\nAs first reported by ZDNet, one day after the decryptor was released, the Avaddon ransomware developer posted to a hacker\r\nforum that they had fixed the flaw.\r\n\"Only neither the decryptor, nor such close attention will stop us. On the contrary, we analyzed the situation, identified\r\nweaknesses and found a solution.\"\r\n\"We have already implemented a solution to the problem that will make decryption by third-party means impossible,\" the\r\nAvaddon developer wrote in a forum post.\r\nPost by the ransomware dev on a hacker forum\r\nTo compensate the operation's affiliates whose victims may have received free decryption, the ransomware developer\r\nincreased affiliates' revenue share to 80%. 
The normal revenue share for Avaddon affiliates is 65-75%, depending on how\r\nmany victims they generate.\r\nThreat actors read the same security news as you\r\nIt is important to remember that ransomware and threat actors follow the same Twitter and news feeds that you do.\r\nIn the past, ransomware operations such as GandCrab and Maze routinely taunted antivirus companies, researchers, and\r\neven BleepingComputer after news or research was published.\r\nOne threat actor went as far as creating a ransomware called 'Fabiansomware' after the ransomware expert Fabian Wosar.\r\nFabiansomware Ransomware\r\nBleepingComputer has also been contacted numerous times by threat actors who wanted to clarify a point in an article or tell\r\nus further information.\r\nThus, it is always essential to assume that any ransomware flaws openly disclosed will also be seen by a threat actor.\r\nWe have seen this historically with CryptoDefense, DarkSide, and now Avaddon.\r\nFor this reason, most ransomware experts do not think security companies and researchers should publish encryption flaws\r\nor decryptors as it allows the threat actors to fix the bugs in their malware.\r\nInstead, it is suggested that those who create a decryptor reach out to antivirus companies, incident response firms, law\r\nenforcement, and communities like BleepingComputer who commonly help ransomware victims.\r\nThese decryptors can then be used by these organizations to privately help victims, while at the same time not publicly\r\nrevealing to the ransomware developers how to fix their flaws.\r\nSource: https://www.bleepingcomputer.com/news/security/avaddon-ransomware-fixes-flaw-allowing-free-decryption/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/avaddon-ransomware-fixes-flaw-allowing-free-decryption/"
	],
	"report_names": [
		"avaddon-ransomware-fixes-flaw-allowing-free-decryption"
	],
	"threat_actors": [],
	"ts_created_at": 1775434935,
	"ts_updated_at": 1775791231,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8b1076fb01ae53c406b7b8e187a5190fe2834ea0.pdf",
		"text": "https://archive.orkl.eu/8b1076fb01ae53c406b7b8e187a5190fe2834ea0.txt",
		"img": "https://archive.orkl.eu/8b1076fb01ae53c406b7b8e187a5190fe2834ea0.jpg"
	}
}