ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Riddle Spider

Names: Riddle Spider (CrowdStrike), Avaddon Team (self given)
Country: [Unknown]
Motivation: Financial gain
First seen: 2020
Description: (Cornell University) The commoditization of Malware-as-a-Service (MaaS) allows criminals to obtain financial benefits at a low risk and with little technical background. One such popular product in the underground economy is ransomware. In ransomware attacks, data from infected systems is held hostage (encrypted) until a fee is paid to the criminals. This modus operandi disrupts legitimate businesses, which may become unavailable until the data is restored. A recent blackmailing strategy adopted by criminals is to leak data online from the infected systems if the ransom is not paid. Besides reputational damage, data leakage might produce further economical losses due to fines imposed by data protection laws. Thus, research on prevention and recovery measures to mitigate the impact of such attacks is needed to adapt existing countermeasures to new strains.
Observed: Countries: Australia, Belgium, Brazil, Canada, China, Costa Rica, Czech, France, Germany, India, Indonesia, Italy, Japan, Jordan, Peru, Poland, Portugal, Russia, South Korea, Spain, Switzerland, Thailand, UAE, UK, USA and Worldwide.
Tools used: Avaddon.
Operations performed:
Jun 2020: New Avaddon Ransomware launches in massive smiley spam campaign
<https://www.bleepingcomputer.com/news/security/new-avaddon-ransomware-launches-in-massive-smiley-spam-campaign/>
Jul 2020: Avaddon ransomware shows that Excel 4.0 macros are still effective
<https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shows-that-excel-40-macros-are-still-effective/>
Aug 2020: Avaddon ransomware launches data leak site to extort victims
<https://www.bleepingcomputer.com/news/security/avaddon-ransomware-launches-data-leak-site-to-extort-victims/>
Jan 2021: Another ransomware now uses DDoS attacks to force victims to pay
<https://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/>
Feb 2021: Avaddon ransomware fixes flaw allowing free decryption
<https://www.bleepingcomputer.com/news/security/avaddon-ransomware-fixes-flaw-allowing-free-decryption/>
Apr 2021: Cyber-attackers hold PN to ransom with major data leak threat
<https://timesofmalta.com/articles/view/cyber-attackers-hold-pn-to-ransom-with-major-data-leak-threat.865968>
May 2021: Insurer AXA hit by ransomware after dropping support for ransom payments
<https://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/>
Jun 2021: Avaddon ransomware shuts down and releases decryption keys
<https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/>
Information: <https://arxiv.org/abs/2102.04796>

Last change to this card: 15 June 2021
