Ransomware, Threat Management

Novel NoEscape ransomware operation believed to be Avaddon rebrand

The novel ransomware group NoEscape, which began double extortion attacks against enterprise targets last month, is suspected to be a rebrand of the Avaddon operation that was dismantled by U.S. and Australian law enforcement authorities two years ago, reports BleepingComputer. NoEscape and Avaddon have leveraged nearly identical encryptors, with the exception of their encryption algorithms, noted ID-Ransomware creator and ransomware expert Michael Gillespie. Further examination by BleepingComputer revealed that both encryptors use the same configuration file and directives, suggesting that NoEscape attackers may have bought the Avaddon encryptor's source code, although several researchers have noted the involvement of key Avaddon members in NoEscape. Ten organizations have already been extorted or had their data leaked by the new ransomware operation, which looks to compromise corporate networks and obtain Windows domain admin credentials to facilitate network-wide ransomware delivery. NoEscape was noted to demand ransoms exceeding $10 million for the stolen data.
