Shop Plans

Avoslocker Ransomware (Expert Analysis)

Contents

AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, Financial Services, Critical Manufacturing, and Government Facilities sectors.

What Happened?

It was first seen in mid-2021 when attackers use spam email campaigns as initial infection vectors for the delivery of the ransomware payload.

AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets.

As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.

Like any other ransomware, AvosLocker encrypts files on a victim’s machine and renames them with the [name] and .avos extension in Windows environment, on Linux environment is “.avoslinux”.

Then attackers leave some type of message on the victim server and include a link to some type of payment or link to an AvosLocker .onion payment site.

Complete instruction you will have on how to pay the ransom, in some situations you may even get a call from the attacker instructing you on how to pay them money to retrieve your files.

.

Who Are The Targets Of The AvosLocker Ransomware Attacks?

If you think you are not a victim if you do not work in one of the affected institutions, you are mistaken.

Like all types of malware, the victim does not choose whether to be a corporation or a regular customer at home.

Our recommendation is to follow cybersecurity standards and policies if you are in a company, and if you are a regular user, be careful of the emails you receive because this is the most common entry for hackers for such attacks

Specifically, EC3 teamed with national investigators in affected countries to establish a joint strategy and provided digital forensic support, as well as facilitated the exchange of operational information across various national entities, the agency said.

Free Security Policy Templates

Get a step ahead of your cybersecurity goals with our comprehensive templates.

Download Now
IT Security Policy Templates

How To Protect Against AvosLocker Ransomware

First and foremost, follow the guidelines and policies if you’re in the company.

To mitigate and prevent the AvosLocker ransomware organizations need to:

  • Implement a data recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physical, separate, segmented, and secure location, such as a hard drive, storage device, or the cloud.
  • Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization.
  • Regularly back up data, and password protected backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
  • Use multi-factor authentication where possible.
  • Install and regularly update antivirus software on all hosts, and enable real-time detection. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.
  • Focus on cybersecurity awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cyber security risks and vulnerabilities (i.e., ransomware and phishing scams).

Article by

Picture of Jason Firch, MBA
Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.
Linkedin
Picture of Jason Firch, MBA
Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Share This Article

Our Editorial Process

Our content goes through a rigorous approval process which is reviewed by cybersecurity experts – ensuring the quality and accuracy of information published.

Categories

AI Security

Cybersecurity Strategy

General Cybersecurity

Network Security

Penetration Testing

Ransomware

Recent Cyber Attacks

Small Business

Social Engineering

Vulnerability Management

The Breach Report

Our team of security researchers analyze recent cyber attacks, explain the impact, and provide actionable steps to keep you ahead of the trends.

Learn More

Related Breaches

PurpleSec

Get Secure Today.

Founded in 2019, PurpleSec is a veteran-owned cybersecurity company with a mission to help SMBs and startups affordably meet their security requirements.

Explore The Savings

Our Solutions

Virtual CISO

Defiance XDR

Social Engineering

Vulnerability Mgmt

Penetration Testing

Contact Us

Why PurpleSec?

About Us

Case Studies

How We Work

Our Leadership

Our Mission & Values

Linkedin Youtube Twitter

Learn With PurpleSec

Blog

Podcasts

Recent Cyber Attacks

Cybersecurity Insights

View All Resources