Avaddon is spread via phishing and malicious spam campaigns that deliver malicious JavaScript files, the ACSC says. "These are often low in sophistication, containing a threat suggesting the attached file contains a compromising photo of the victim," the Australian agency says. "'Double extortion' techniques are used, such as coercion and further pressure to pay a ransom, including threatening to publish the victim’s data … and threatening the use of DDoS attacks against the victims." Written in C++, Avaddon encrypts data using a unique AES256 encryption key, the agency reports. During the infection process, Avaddon checks the operating system language and keyboard layouts. If a potential victim’s operating system language is set to specific languages normally used in the Commonwealth of Independent States - formerly part of the Soviet Union - the malware ceases operation without harming the system.