Previous
Learn how PurpleSec’s experts can protect your business against the latest cyber attacks.
Author: Dalibor Gašić / Last Updated: 7/01/2022
Reviewed By: Michael Swanagan, CISSP, CISA, CISM
View Our: Editorial Process
Table Of Contents
AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, Financial Services, Critical Manufacturing, and Government Facilities sectors.
It was first seen in mid-2021 when attackers use spam email campaigns as initial infection vectors for the delivery of the ransomware payload.
AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets.
As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.
Like any other ransomware, AvosLocker encrypts files on a victim’s machine and renames them with the [name] and .avos extension in Windows environment, on Linux environment is “.avoslinux”.
Then attackers leave some type of message on the victim server and include a link to some type of payment or link to an AvosLocker .onion payment site.
Complete instruction you will have on how to pay the ransom, in some situations you may even get a call from the attacker instructing you on how to pay them money to retrieve your files.
If you think you are not a victim if you do not work in one of the affected institutions, you are mistaken.
Like all types of malware, the victim does not choose whether to be a corporation or a regular customer at home.
Our recommendation is to follow cyber security standards and policies if you are in a company, and if you are a regular user, be careful of the emails you receive because this is the most common entry for hackers for such attacks
Specifically, EC3 teamed with national investigators in affected countries to establish a joint strategy and provided digital forensic support, as well as facilitated the exchange of operational information across various national entities, the agency said.
How PurpleSec Helps To Secure Your Organization
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
First and foremost, follow the guidelines and policies if you’re in the company.
To mitigate and prevent the AvosLocker ransomware organizations need to:
Related Articles:
Dalibor is a Senior Security Engineer with experience in penetration testing having recently served over 8 years in the Ministry of Internal Affairs in the Department of Cyber Security in Serbia.
Related Articles
Popular Articles
Ransomware Attacks
Preventing Attacks