According to an advertisement observed on an undisclosed Russian forum, the Avaddon operators claimed to be a new Ransomware-as-a-Service (RaaS) program. Affiliates who join the program can distribute the ransomware through spam, compromised networks, and exploit kits; however, affiliates must abide by a set of rules, such as not targeting victims in the Commonwealth of Independent States (CIS), including Armenia, Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan. At the time of writing, the overall impact of the Avaddon ransomware campaign is unclear.
It is recommended that users maintain a reliable and tested backup that can be restored, implement an anti-spam solution to stop phishing emails from reaching the network, and keep operating systems up to date. The following indicators of compromise have been identified with Avaddon Ransomware: