Higher up authorities in the United States of America, including the FBI and the Treasury Department have recently issued a cybersecurity advisory. The advisory warns organizations in the US to be wary of an oncoming stream of AvosLocker ransomware attacks.
It is recognized that the AvosLocker ransomware has been in use to target specific critical infrastructure sectors, including manufacturing, finance, and government facilities among others.
The Impact of AvosLocker Ransomware
Just how hard the ransomware has hit the US Infrastructure sector is still not clear. But after-effects of the AvosLocker ransomware are evident in certain incidents. For instance, the Colonial Pipeline threat last year had long-lasting impact, which prodded the USA into taking concrete steps to improve their cybersecurity posture.
To help understand the activities of AvosLocker, the FBI and the Treasury Department have furbished organizations with Indicators of Compromise (IoC). They have also published details on the vulnerabilities exploited by the blameful cybercriminals and their tools of attack. US infrastructure organizations are also being supplied by ransomware mitigation and tackling resources.
An excerpt from the publicly issued advisory:
“AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets. As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.”
How does the AvosLocker Ransomware work?
AvosLocker works via the Ransomware-as-a-service (RaaS) model. Its users claim to have targeted victims all over the globe, including the USA, the UK, Germany, Spain, Belgium, Canada, China, Taiwan, Turkey, the UAE, Saudi Arabia and Syria.
AvosLocker attacks through a piece of ransomware that encrypts files on the victim’s systems. With encryption, this ransomware also steals sensitive information from the system, so the user would not hesitate to pay the ransom.
The ransomware perpetrator runs a Tor-based online portal where they publicize the victims that refuse to pay and then publish their stolen data for anyone willing to pay for it.
In some incidents, the attackers are open to negotiate the ransom with the victims. The hackers may also launch DDoS attacks against the victim during negotiations.
Prevent AvosLocker and other Ransomware Strain
We have published resources on our blog that help you prevent ransomware in 10 actionable steps. On our eShop, we also provide Cloud Email ATP, a flagship email security product that can protect against all the major email threats, including ransomware.
