AvosLocker Ransomware (Expert Analysis)
AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, Financial Services, Critical Manufacturing, and Government Facilities sectors.
What Happened?
It was first seen in mid-2021, when attackers used spam email campaigns as the initial infection vector for delivering the ransomware payload.
AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets.
As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.
Like any other ransomware, AvosLocker encrypts files on a victim's machine and renames them with the [name] and the .avos extension in Windows environments; in Linux environments the extension is ".avoslinux".
The attackers then leave a message on the victim server that includes a link to some type of payment or a link to an AvosLocker .onion payment site.
You will be given complete instructions on how to pay the ransom; in some situations you may even get a call from the attacker instructing you on how to pay them money to retrieve your files.
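A triage sketch for the file-extension indicators described above, added here as an example (it is not code from the original article or from any vendor tool): it walks a directory tree, lists files ending in .avos or .avoslinux, and reports per-directory counts plus the earliest modification time among them. The function names, the case-insensitive match and the sample tree are assumptions made for this example.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Extensions as stated on this page: ".avos" on Windows, ".avoslinux" on Linux.
AVOS_EXTENSIONS = (".avoslinux", ".avos")


def triage(root):
    """Walk root and summarise files carrying an AvosLocker extension.

    Returns the hit list, per-directory counts, and the earliest modification
    time among hits (only a rough lower bound for when encryption began).
    """
    hits, per_dir, earliest = [], Counter(), None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # assumption: match case-insensitively
            ext = next((e for e in AVOS_EXTENSIONS if lower.endswith(e)), None)
            if ext is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append({"path": path, "original_name": name[: -len(ext)],
                         "extension": ext, "mtime": mtime})
            per_dir[dirpath] += 1
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {"hits": hits, "per_dir": dict(per_dir), "earliest_mtime": earliest}


def build_sample_tree(root):
    """Constructed sample data: empty files named like renamed victims."""
    for rel in ("docs/report.docx.avos", "docs/notes.txt",
                "srv/db.sql.avoslinux", "srv/backup.tar.AVOS"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for h in sorted(result["hits"], key=lambda h: h["mtime"]):
            ts = datetime.fromtimestamp(h["mtime"], timezone.utc).isoformat()
            print(ts, h["extension"], h["path"])
        print("affected directories:", result["per_dir"])
```

Run it against a mounted image or a read-only copy of the affected volume so the timestamps it reports are not disturbed by the scan host.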