Avoslocker Ransomware (Expert Analysis)

Contents

AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, Financial Services, Critical Manufacturing, and Government Facilities sectors.

What Happened?

It was first seen in mid-2021 when attackers use spam email campaigns as initial infection vectors for the delivery of the ransomware payload.

AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets.

As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.

Like any other ransomware, AvosLocker encrypts files on a victim’s machine and renames them with the [name] and .avos extension in Windows environment, on Linux environment is “.avoslinux”.

Then attackers leave some type of message on the victim server and include a link to some type of payment or link to an AvosLocker .onion payment site.

Complete instruction you will have on how to pay the ransom, in some situations you may even get a call from the attacker instructing you on how to pay them money to retrieve your files.

.