RIDDLE SPIDER (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

RIDDLE SPIDER (Back to overview)

According to Crowdstrike, RIDDLE SPIDER is the operator behind the avaddon ransomware

Associated Families

win.avaddon

References

2022-04-12 ⋅ ConnectWise ⋅ ConnectWise CRU
Threat Profile: Avaddon
Avaddon

2022-03-23 ⋅ splunk ⋅ Shannon Davis
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk

2022-03-17 ⋅ Sophos ⋅ Tilly Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker

2022-02-23 ⋅ splunk ⋅ Shannon Davis, SURGe
An Empirically Comparative Analysis of Ransomware Binaries
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk

2022-01-19 ⋅ Mandiant ⋅ Adrian Sanchez Hernandez, Ervin James Ocampo, Paul Tarter
One Source to Rule Them All: Chasing AVADDON Ransomware
BlackMatter Avaddon BlackMatter MedusaLocker SystemBC ThunderX

2021-10-12 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
Babuk BlackMatter DarkSide REvil Avaddon Babuk BlackMatter DarkSide LockBit Mailto REvil

2021-09-14 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil

2021-08-15 ⋅ Symantec ⋅ Threat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker

2021-07-22 ⋅ S2W LAB Inc. ⋅ TALON
Quick analysis of Haron Ransomware (feat. Avaddon and Thanos)
Avaddon Hakbit

2021-06-16 ⋅ Advanced Intelligence ⋅ Vitali Kremez, Yelisey Boguslavskiy
The Rise & Demise of Multi-Million Ransomware Business Empire
Avaddon

2021-06-11 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Avaddon ransomware shuts down and releases decryption keys
Avaddon

2021-06-11 ⋅ The Record ⋅ Catalin Cimpanu
Cybercrime Featured Avaddon ransomware operation shuts down and releases decryption keys
Avaddon

2021-06-07 ⋅ ATOS ⋅ Loïc Castel
Avaddon Ransomware Analysis
Avaddon

2021-05-14 ⋅ The Record ⋅ Catalin Cimpanu
Darkside ransomware gang says it lost control of its servers & money a day after Biden threat
DarkSide Avaddon REvil

2021-05-10 ⋅ DarkTracer ⋅ DarkTracer
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX

2021-05-08 ⋅ Australian Signals Directorate ⋅ Australian Cyber Security Centre (ACSC)
2021-003: Ongoing campaign using Avaddon Ransomware
Avaddon

2021-05-06 ⋅ Cyborg Security ⋅ Brandon Denker
Ransomware: Hunting for Inhibiting System Backup or Recovery
Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX

2021-04-26 ⋅ CoveWare ⋅ CoveWare
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt

2021-04-25 ⋅ Vulnerability.ch Blog ⋅ Corsin Camichel
Ransomware and Data Leak Site Publication Time Analysis
Avaddon Babuk Clop Conti DarkSide DoppelPaymer Mespinoza Nefilim REvil

2021-04-01 ⋅ SentinelOne ⋅ Jim Walter
Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage
Avaddon

2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER

2021-02-09 ⋅ Javier Yuste, Sergio Pastrana
Avaddon ransomware: an in-depth analysis and decryption of infected systems
Avaddon

2021-02-02 ⋅ ⋅ CRONUP ⋅ Germán Fernández
De ataque con Malware a incidente de Ransomware
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader

2021-01-26 ⋅ Medium s2wlab ⋅ Hyunmin Suh
W4 Jan | EN | Story of the week: Ransomware on the Darkweb
Avaddon Babuk LockBit

2021-01-24 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Another ransomware (Avaddon) now uses DDoS attacks to force victims to pay
Avaddon

2021-01-11 ⋅ Twitter (@dk_samper) ⋅ Dávid Kosť
Tweet on Initial access of Avaddon Ransomware group from an IR engagement
Avaddon

2020-12-28 ⋅ ⋅ Swanscan ⋅ Pierguido Iezzi, Swascan Cyber Incident Response Team
Avaddon Ransomware: Incident Response Analysis
Avaddon

2020-11-20 ⋅ ZDNet ⋅ Catalin Cimpanu
The malware that usually installs ransomware and you need to remove right away
Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader

2020-11-16 ⋅ Intel 471 ⋅ Intel 471
Ransomware-as-a-service: The pandemic within a pandemic
Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX

2020-10-26 ⋅ AWAKE ⋅ Ashish Gahlot
Threat Hunting for Avaddon Ransomware
Avaddon

2020-10-23 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
Leakware-Ransomware-Hybrid Attacks
Avaddon Clop Conti DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim RagnarLocker REvil Sekhmet SunCrypt

2020-09-29 ⋅ PWC UK ⋅ Andy Auld
What's behind the increase in ransomware attacks this year?
DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker

2020-08-25 ⋅ KELA ⋅ Victoria Kivilevich
How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing
Avaddon Clop DarkSide DoppelPaymer Mailto Maze MedusaLocker Mespinoza Nefilim RagnarLocker REvil Sekhmet

2020-07-08 ⋅ Trend Micro ⋅ Trend Micro Threat Research Team
Ransomware Report: Avaddon and New Techniques Emerge, Industrial Sector Targeted
Avaddon

2020-07-01 ⋅ ⋅ TG Soft ⋅ TG Soft
Cyber-Threat Report on the cyber attacks of June 2020 in Italy
Avaddon ISFB

2020-06-12 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
Probable Sandworm Infrastructure
Avaddon Emotet Kimsuky

2020-06-11 ⋅ Twitter (@Securityinbits) ⋅ Security-in-Bits
Tweet on Avaddon ransomware with Python script for decrypting strings
Avaddon

2020-06-05 ⋅ Hornetsecurity ⋅ Security Lab
Avaddon: From seeking affiliates to in-the-wild in 2 days
Avaddon

2020-05-31 ⋅ ⋅ ESET Research ⋅ Facundo Muñoz
Ransomware Avaddon: principales características
Avaddon

Credits: MISP Project