Avaddon Ransomware


Avaddon is a malicious piece of software that is a new addition to the ransomware category. Avaddon seeks to encrypt digital data on its victim’s computer by using a powerful encryption algorithm.

Avaddon Ransomware

The Avaddon Ransomware

The files that this program targets are typically commonly used types such as documents, databases, archives, as well as images, videos, audios and some system files that are of great importance to the user and the OS. Once encrypted, these files become inaccessible to anyone, as they cannot be read or recognized by any software or program. Their file extensions may also be changed to a strange suffix that is unknown to other software and, thus, unreadable.

What is typical for Avaddon is that encrypts AES key by using RSA algorithm and after applying its encryption, it normally reveals itself via a ransom message that can be placed on the screen of your device and/or in the directories of the encrypted data. The text of this message will normally inform the victims that Tor website contains information such as price of the decryption tool what has occurred and how their own personal files will no longer be available to them unless they pay for a special decryption key. The criminals behind Avaddon ransomware ask 0.05346968 of Bitcoin and It is stated that  it has to be purchased by transferring this amount of BTC to the provided address (BTC wallet) . This is a common blackmail tactic that relies on the fact that the victims are typically very scared not to lose their files forever, thus, depending on how much they need them, they are desperate to do anything to get them back.

Since you are on this page, however, you probably aren’t ready to easily send your hard-earned money to some anonymous crooks and are way more eager to know what you can do to save the files that Avaddon has encrypted without paying a ransom. Fortunately, there are some alternative solutions that may help you remove the ransomwares like Kkll and Nlah and recover some of the information and, if you stay with us till the end, you will find out more about them, ideally without wasting tons of time and money. In order to handle the infection best, be sure to complete the steps in the first part of the removal guide that you will find below, as the deletion of Avaddon is crucial for the protection of any files you may recover later.

The Avaddon virus

The Avaddon virus is an advanced piece of malicious code that prevents users from accessing the data stored on their computer. The files that the Avaddon virus targets are usually commonly used ones such as documents, images, databases, archives, and more.

The victims of this ransomware usually are denied access to their audio files, images, all sorts of text files, etc. and cannot open or use them even though they are present on the hard drive. People who have backup copies of these files can easily cope with the results of the attack though. They simply need to remove the virus from the system and connect their backup sources in order to transfer the accessible copies onto the clean computer.

The .Avdn file decryption

The .Avdn file decryption is a file-recovery method that can be activated with the application of a special decryption key. The .Avdn file decryption key, however, is traded only for a ransom payment, sadly, without any guarantee for its effectiveness.

Avaddon Ransomware

The Avdn Virus will start encrypting your files as soon as it has infected your system.

Very often, however, the victims may not have backups and the denied access of the encrypted information may lead to considerable financial losses, especially if companies and organizations are targeted. Yet, the best way to discourage hackers from blackmailing users through ransomware infections is to restore your files using alternative methods and refuse to pay them a ransom.


Name Avaddon
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Not Available
Detection Tool

Remove Avaddon Ransomware

Avaddon Ransomware

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Avaddon Ransomware


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous.

Avaddon Ransomware

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Avaddon Ransomware
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result
Avaddon RansomwareClamAV
Avaddon RansomwareAVG AV
Avaddon RansomwareMaldet

After you open their folder, end the processes that are infected, then delete their folders.

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

Avaddon Ransomware

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Avaddon Ransomware

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:

Avaddon Ransomware

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.

Avaddon Ransomware

Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!

Avaddon Ransomware

How to Decrypt Avaddon files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.


  • Ohh..thank so much.I wasn’t found any post about this type of .avdn malware before. I was searching for myself almost four days. Thanks for update..

    • Thank you for the kind words. If you need any assistance on securing your computer from further attacks link Avaddon Ransomware, please let us know.

  • Hi. I used my portable SSD to boot Windows from my Mac (as a Bootcamp). Now I can’t access it due to Avaddon Ransomware. How do I remove the virus on the external hard disk?

Leave a Comment