How the attack actually arrives

On 3 July 2026, researchers Nevan Beal and Sam Decker of Blackpoint Cyber, working alongside Palo Alto Networks Unit 42, disclosed a previously undocumented modular framework they named Avalon. It does not arrive as an obvious attachment. The chain starts with a spoofed legal-document email that points the recipient to a password-protected archive hosted on Proton Drive, and the malicious code travels inside an ISO disk image rather than a file the mail gateway would scan.

Opening the image mounts it like a drive, and a document-themed Windows shortcut inside runs MSBuild, a trusted Microsoft build tool, to load an embedded piece of code that first tampers with Windows event logging and then pulls down Avalon itself. Almost all of this runs in memory, leaving little on disk. The sample was uploaded to VirusTotal on 11 March 2026 and drew zero detections for roughly four months.

It goes for the recovery layer first

What separates Avalon from routine ransomware is the order of operations. Before any encryption, the framework harvests credentials from browsers, password stores, VPN, SSH and Wi-Fi profiles, then moves laterally toward the assets that would let a company recover: domain controllers, virtualization hosts such as vCenter and Hyper-V, and backup platforms including Veeam, Acronis, NetApp and Synology. It deletes Windows shadow copies along the way.

Only after the recovery layer is neutralised does the CrownX module encrypt files with authenticated AES-GCM cryptography. The framework also carries specific routines to hide from nine named security products: Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee and Bitdefender. The uncomfortable thesis is not that another ransomware exists; it is that this one is engineered to make the standard answer, we can just restore, untrue before the encryption even starts.

What this changes for an operator

The practical lesson does not depend on which endpoint brand you run. When a kit is purpose-built to blind nine of them and to delete the backups first, detection becomes one layer rather than the guarantee, and the control that still works is a backup copy the attacker cannot reach. That means at least one immutable or offline copy that a compromised domain administrator cannot delete, and a restore you have actually tested this quarter rather than assumed.

Two details raise the stakes for European operators. Three of the nine evaded tools, Sophos, ESET and Bitdefender, are European mainstays, so a large share of the region runs exactly the products this kit was tuned against. And the researchers note signs of AI-assisted development, which lowers the skill and time a group needs to build something this layered, so more of it is coming. Under NIS2 the accountability for handling it sits with named senior management, not only the security team.