Ransomware Group Calling It Quits, But Can We Trust Them?
By: Jim Stickley and Tina Davis
October 10, 2021
In the world of ransomware threat groups, why would any well-known and successful group decide to throw in the towel? That’s the question cybersecurity pros are asking themselves after another group announced its departure from ransomware attacks. Avaddon, a ransomware-as-a-service (RaaS) provider that recently drew public warnings from the FBI and the Australian Cyber Security Centre, claims to have shut its doors and joined the ranks of the ransomware-free. It may be reason to celebrate, but don’t pop the champagne corks yet. The question remains – can they be trusted?
Doing What it Takes to Survive
Since hacking groups aren’t exactly known for their honesty, experts speculate that Avaddon may have an ulterior motive – survival. A big part of that strategy is rebranding the group to avoid the scrutiny of agencies like the FBI. BleepingComputer reports that Avaddon sent the technology news site over 2,000 decryption keys, announcing it was done with the hacking business. Handing over the decryption keys certainly looks like a legitimate move, but others have yet to be convinced it isn’t part of a bigger plan for the group’s future success. Simply put, Avaddon could pop up under a different name and identity and carry on its ransomware heists. And Avaddon isn’t the only group claiming to be out of business.
Avaddon in “Good” Company
If the name DarkSide sounds familiar, there’s a good reason for that. The ransomware group launched a headline-grabbing attack on Colonial Pipeline earlier this year that halted the flow of 45% of the gasoline and other fuels moving up the East Coast to their destinations. This moved the U.S. Government to declare a state of emergency, directly naming DarkSide as the perpetrator. Doing so put the group under intense scrutiny by the U.S. and others, and may also have led to its decision to hang up its ransomware attacks. But not so fast, say the good guys…
Bad Actor Theater
The phrase many cybersecurity pros use for both groups can be summed up as “skeptical at best.” Any criminal of any type knows that when the heat is on, getting out of Dodge is part of escaping the law. That may be exactly what Avaddon and DarkSide are calculating, regardless of what they claim to be doing.
With Avaddon handing over its decryption keys and DarkSide doing the same, both groups may have made these moves to appear sincere. True or not, security pros know it may just be another episode of bad actor theater. Remember, these are hard-core criminal gangs who have only their own best interests in mind. If claiming to put themselves out of business will help them survive and thrive under a new identity, that’s exactly what they’ll do.
Keep Your Guard Up
- Continue looking out for the common phishing lures. Just because they say they’re out of business doesn’t mean they are.
- Always keep all your systems and devices updated with the latest patches and versions. If a product is no longer supported, upgrade it.
- Always use antivirus products and keep them updated.
- Continually provide cybersecurity awareness training for all users of the network, whether at home or at the office.
What the future holds for both groups remains to be seen, but know that the U.S. Government and other forces are keeping a very close watch on them both. And you can bet that these groups will return, someday and somehow.