On June 11, 2021, news began to spread that the Avaddon ransomware gang was shutting down operations and released all 2,934 decryption keys for each of the victims affected. In addition, Emsisoft has released a free decryption software tool to help past victims recover from past attacks by using the publicly released keys to decrypt their files. In the recent past, Avaddon had grown to become a more significant threat than before, and when Darkside went dark, they worked very hard to try and fill the gap. However, the likely scenario is that Avaddon is rebranding as a new ransomware group, just as Gandcrab did in the past to become REvil.
Time will tell what will become of the gang and if this is an actual shutdown or a rebrand. During the downtime, organizations hit by Avaddon should take this opportunity to decrypt any devices and not pay the ransom. As always, taking steps to build an infrastructure of detection and recovery can go further as opportunities to decrypt files for free like this do not often become available. Centralized logging and streamlined backups of critical devices can be invaluable when impactful incidents like ransomware occur.