After realizing that they had encrypted a US government organization, the AvosLocker ransomware operation offered a free decryptor. AvosLocker hacked a US police department last month, encrypting devices and stealing data in the process.
According to a screenshot released by security researcher pancak3, the operators offered a decryptor for free after learning that the victim was a government organization. While the ransomware operation gave a decryptor to the police department, it refused to offer a list of stolen data or details on how it broke into the agency’s network. According to a member of the AvosLocker organization, they have no strategy on who they target. However, they usually avoid encrypting government and hospital entities.
“You should note, however, that sometimes an affiliate will lock a network without having us review it first,” the AvosLocker operator revealed. When asked if they avoid targeting government agencies on purpose because they are afraid of law enforcement, they responded it’s more because “taxpayer money’s generally hard to get.”
Over the last year, however, international law enforcement activities have led to several ransomware gang members and money launderers being indicted or arrested. REvil, Egregor, Netwalker, and Clop ransomware gang members were among those detained. This additional pressure appears to be having a positive impact, as many ransomware operations, including DarkSide, BlackMatter, Avaddon, and REvil, have shut down as a result.
Unfortunately, many ransomware groups just rebrand as new businesses, hoping to elude law enforcement. Despite the arrests and growing pressure, AvosLocker stated that law enforcement “had no authority” in the “motherland.”