(Awake Security) Avaddon is a cryptolocker ransomware written in C++ that is best known for encrypting files and changing the file extension to .avdn. The ransomware also deletes the volume shadow copies and other system backups and typically demands a ransom ranging between $150 and $900. Since the ransomware uses strong encryption algorithms like AES256 and RSA2048, no decryptor is available and it is impossible to decrypt the file without the key that was used to encrypt it. This ransomware is sold similar to other Ransomware-as-a-service(RaaS) like REvil. Thus, even someone with limited technical background can become an �affiliate� to spread the malware. In return, the profit gets shared between the threat actor and the affiliate. In this blog post we dissect this malware and discuss methods to perform threat hunting for the Avaddon ransomware family.