
AvosLocker Ransomware As A Service (RaaS)


Author: Dalibor Gašić / Last Updated: 7/01/2022

Reviewed By: Michael Swanagan, CISSP, CISA, CISM


AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, Financial Services, Critical Manufacturing, and Government Facilities sectors.


What Happened?

It was first seen in mid-2021, when attackers used spam email campaigns as the initial infection vector for delivering the ransomware payload.

AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets.


As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.


Like any other ransomware, AvosLocker encrypts files on a victim’s machine and renames them, appending the .avos extension to the original file name in Windows environments and the .avoslinux extension in Linux environments.

The attackers then leave a ransom note on the victim server that includes a link to a payment page, typically an AvosLocker .onion payment site.

The note contains complete instructions on how to pay the ransom; in some cases the victim may even receive a phone call from the attacker explaining how to pay to retrieve the files.
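The .avos and .avoslinux extensions described above are a simple file-system indicator a responder can sweep for. The following script is an added example written for this article, not PurpleSec's tooling or anything published by the ransomware operators: it walks a directory tree, counts files carrying those extensions, and flags any directory where the count crosses a triage threshold (the threshold value and the sample directory layout are assumptions constructed for the demo).

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article associates with AvosLocker-encrypted files.
AVOS_EXTENSIONS = {".avos", ".avoslinux"}


def scan_for_avos_artifacts(root, threshold=5):
    """Walk `root` and report files carrying AvosLocker extensions.

    `threshold` is an assumed triage cut-off: a directory holding at least
    that many renamed files is treated as evidence of an encryption run
    rather than a stray file.
    """
    per_dir = Counter()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            # suffix gives only the last extension, e.g. "report.xlsx.avos" -> ".avos"
            if Path(name).suffix.lower() in AVOS_EXTENSIONS:
                hits.append(os.path.join(dirpath, name))
                per_dir[dirpath] += 1
    flagged = sorted(d for d, n in per_dir.items() if n >= threshold)
    return {"hits": sorted(hits), "flagged_dirs": flagged, "total": len(hits)}


def build_sample_tree():
    """Create a throwaway tree mixing untouched and 'encrypted' file names.

    Constructed sample data for the demo, not files from a real incident.
    """
    root = tempfile.mkdtemp(prefix="avos_demo_")
    finance = Path(root, "shares", "finance")
    finance.mkdir(parents=True)
    for i in range(6):  # six renamed files: above the default threshold
        (finance / f"report{i}.xlsx.avos").write_bytes(b"\x00" * 16)
    (finance / "readme.txt").write_text("untouched")
    app = Path(root, "srv", "app")
    app.mkdir(parents=True)
    (app / "config.yml.avoslinux").write_bytes(b"\x00" * 16)  # single hit
    (app / "app.log").write_text("ok")
    return root


if __name__ == "__main__":
    report = scan_for_avos_artifacts(build_sample_tree())
    print(f"{report['total']} renamed files found")
    for d in report["flagged_dirs"]:
        print("flagged directory:", d)
```

Running the script builds the sample tree, finds seven renamed files in total, and flags only the finance share, since the single .avoslinux file under srv/app stays below the threshold. In a real sweep the root would be a mounted share or a forensic image, and the flagged directories give the responder a starting point for scoping the encryption.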

Who Are The Targets Of The AvosLocker Ransomware Attacks?

If you think you cannot be a victim because you do not work in one of the affected sectors, you are mistaken.

Like all types of malware, it does not distinguish between a corporation and a regular home user.

Our recommendation is to follow cyber security standards and policies if you are in a company, and if you are a regular user, be careful with the emails you receive, because email is the most common entry point for attackers in such attacks.


Specifically, EC3 teamed with national investigators in affected countries to establish a joint strategy and provided digital forensic support, as well as facilitated the exchange of operational information across various national entities, the agency said.


How To Protect Against AvosLocker Ransomware

First and foremost, follow your organization’s guidelines and policies if you work in a company.

To mitigate and prevent AvosLocker ransomware, organizations need to:


  • Implement a data recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physical, separate, segmented, and secure location, such as a hard drive, storage device, or the cloud.
  • Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization.
  • Regularly back up data, and keep password-protected backup copies offline. Ensure copies of critical data cannot be modified or deleted from the system where the data resides.
  • Use multi-factor authentication where possible.
  • Install and regularly update antivirus software on all hosts, and enable real-time detection. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.
  • Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cyber security risks and vulnerabilities (i.e., ransomware and phishing scams).


Dalibor Gašić

Dalibor is a Senior Security Engineer with experience in penetration testing having recently served over 8 years in the Ministry of Internal Affairs in the Department of Cyber Security in Serbia.
