The FBI has issued a warning that the AvosLocker ransomware is being used in cyberattacks on critical infrastructure in the United States. The warning came in a joint cybersecurity advisory released this week by the Financial Crimes Enforcement Network (FinCEN) and the US Treasury Department.
“AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors,” said the FBI. Because the operation is affiliate-based, AvosLocker indicators of compromise (IOCs) include both indicators specific to the AvosLocker malware itself and indicators specific to the individual affiliate responsible for a given intrusion.
The advisory contains indicators of compromise (IOCs) that network defenders can use to identify and block AvosLocker ransomware attacks. AvosLocker first appeared in the summer of 2021, advertising its Ransomware-as-a-Service (RaaS) operation on underground forums and recruiting affiliates.
Between November and December 2021, AvosLocker saw a surge in activity. Based on ID-Ransomware submissions, the gang continues to attack and encrypt at least a few victims each month. The FBI also disclosed technical details of the RaaS operation, including that AvosLocker representatives reportedly call victims to direct them to the payment site, where they can negotiate a lower ransom. If accurate, this would make AvosLocker yet another cybercrime group that has adopted this pressure tactic, which was pioneered and field-tested by the Sekhmet, Maze, Ryuk, and Conti ransomware groups.
AvosLocker negotiators have also threatened and launched distributed denial-of-service (DDoS) attacks during negotiations, most likely when victims refuse to comply with their demands. Network segmentation, frequent offline backups, and keeping software up to date, in particular Microsoft Exchange Server, a known attack vector used by AvosLocker affiliates, are the mitigations that can help network defenders prevent AvosLocker ransomware operations.
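The advisory's IOCs are only useful once a defender actually runs them against telemetry. The following is an added example, not code from the article or the advisory, of a minimal matcher that takes an IOC list (file hashes, IPv4 addresses, domains) and scans proxy, EDR and DNS log lines for hits. Every indicator and log line in it is a constructed placeholder (RFC 5737 test addresses, the reserved .example TLD, an all-zero hash), not an actual AvosLocker IOC; the field names in the sample logs are likewise assumed. It goes slightly beyond the text in two ways a practitioner would want: matching is case-insensitive, and a DNS query for a subdomain of a listed domain is treated as a hit.

```python
"""Match a small indicator-of-compromise (IOC) list against log lines.

All indicators and log lines below are constructed placeholders for this
example; they are not the advisory's IOCs and not real AvosLocker data.
"""
import re
from dataclasses import dataclass

# Constructed placeholder indicators, keyed by type (mixed case on purpose
# to show that normalisation is needed before matching).
SAMPLE_IOCS = {
    "sha256": ["0" * 63 + "A"],            # placeholder file hash
    "ipv4": ["203.0.113.45"],               # RFC 5737 TEST-NET-3 address
    "domain": ["Payment-Portal.example"],   # reserved .example TLD
}

# Regexes that pull candidate tokens of each type out of free-form log text.
PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b"),
}

# Constructed sample log lines (field names are assumed, not from any product).
SAMPLE_LOGS = [
    "2021-12-03T10:14:02Z proxy src=10.0.4.17 dst=203.0.113.45 host=cdn.example.net action=allow",
    "2021-12-03T10:14:09Z edr host=WS-0117 event=file_write sha256=" + "0" * 63 + "a"
    + " path=C:\\Users\\Public\\update.exe",
    "2021-12-03T10:15:44Z dns client=10.0.4.17 query=login.payment-portal.example type=A",
    "2021-12-03T10:16:01Z proxy src=10.0.4.22 dst=198.51.100.9 host=www.example.com action=allow",
]


@dataclass(frozen=True)
class Match:
    line_no: int     # 0-based index into the scanned lines
    ioc_type: str    # "sha256", "ipv4" or "domain"
    indicator: str   # the normalised IOC that matched
    token: str       # the token in the log line that triggered the match


def normalise_iocs(raw):
    """Lower-case every indicator so matching is case-insensitive."""
    return {t: {v.lower() for v in vals} for t, vals in raw.items()}


def _domain_hit(token, domains):
    """Return the IOC domain that `token` equals or is a subdomain of, else None."""
    labels = token.split(".")
    for i in range(len(labels) - 1):     # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_line(line_no, line, iocs):
    """Return the Match objects for one log line against normalised IOCs."""
    hits = []
    for ioc_type, pattern in PATTERNS.items():
        for token in pattern.findall(line):
            token_l = token.lower()
            if ioc_type == "domain":
                hit = _domain_hit(token_l, iocs.get("domain", set()))
            else:
                hit = token_l if token_l in iocs.get(ioc_type, set()) else None
            if hit is not None:
                hits.append(Match(line_no, ioc_type, hit, token))
    return hits


def scan_logs(lines, raw_iocs):
    """Scan every line and return all matches, in line order."""
    iocs = normalise_iocs(raw_iocs)
    matches = []
    for n, line in enumerate(lines):
        matches.extend(scan_line(n, line, iocs))
    return matches


if __name__ == "__main__":
    for m in scan_logs(SAMPLE_LOGS, SAMPLE_IOCS):
        print(f"line {m.line_no}: {m.ioc_type} {m.token} -> IOC {m.indicator}")
```

Run against the constructed logs it reports three hits: the proxy connection to the listed address, the EDR file write with the listed hash, and the DNS query for a subdomain of the listed domain; the last line, which only touches non-listed infrastructure, produces nothing. In practice the IOC dict would be loaded from the advisory's list, and hits on affiliate-specific indicators should be triaged separately from hits on the malware-specific ones, since the former may differ between intrusions.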