May 06 — In recent weeks, the US Federal Bureau of Investigation released an advisory on the AvosLocker ransomware. A new variant of AvosLocker exploits unpatched security flaws to gain initial access to systems. Once on a network, this version disables antivirus software in order to evade detection.
According to the advisory, AvosLocker has targeted organizations across multiple critical infrastructure sectors, including finance, critical manufacturing and government facilities.
The AvosLocker operators run double-extortion schemes: they encrypt files and demand a ransom to decrypt them, and, to increase the likelihood that a victim pays, they also steal data and threaten to leak the victim's files on the darknet.
The AvosLocker site plays host to many samples of stolen victim data. AvosLocker operators state that they have stolen data from targets in the US, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China and Taiwan.
How it works
AvosLocker begins by encrypting files on a target organization's servers and renaming them with the .avos extension. The attackers then deliver ransom notes informing victims that they must pay to recover their files. Payment is requested in the cryptocurrency Monero, although Bitcoin is accepted at a 10-25% premium.
AvosLocker attackers have also been known to make phone calls to victims, directing them to the ransom payment portal. Victims have reported that, in some cases, attackers have been willing to negotiate payment sums.
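The one on-disk artifact the article names is the .avos extension appended to encrypted files, which makes a simple indicator a responder can sweep for. The script below is an added example written for this article, not AvosLocker tooling or anything from the FBI advisory: it walks a directory tree, counts files carrying the .avos extension per directory, and raises an alert when the share of renamed files crosses a threshold. The 5% alert threshold and the sample directory layout are assumptions constructed for the demonstration.

```python
"""Added example: sweep a directory tree for AvosLocker's .avos extension.

Illustrative code written for this article, not the ransomware's or the
advisory's own tooling.  ALERT_RATIO and the sample tree are assumptions.
"""
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field

AVOS_EXT = ".avos"   # extension the article says is appended to encrypted files
ALERT_RATIO = 0.05   # assumption: alert once 5% or more of files are renamed


@dataclass
class ScanResult:
    total_files: int = 0
    encrypted_files: int = 0
    by_directory: Counter = field(default_factory=Counter)

    @property
    def ratio(self) -> float:
        """Fraction of scanned files that carry the .avos extension."""
        return self.encrypted_files / self.total_files if self.total_files else 0.0

    @property
    def alert(self) -> bool:
        """True when any renamed file exists and the share exceeds the threshold."""
        return self.encrypted_files > 0 and self.ratio >= ALERT_RATIO


def scan_tree(root: str) -> ScanResult:
    """Walk `root`, counting .avos files overall and per relative directory."""
    result = ScanResult()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            result.total_files += 1
            if name.lower().endswith(AVOS_EXT):
                result.encrypted_files += 1
                result.by_directory[os.path.relpath(dirpath, root)] += 1
    return result


def build_sample_tree() -> str:
    """Constructed sample data: a small share with three renamed files."""
    root = tempfile.mkdtemp(prefix="avos_demo_")
    layout = {
        "finance": ["q1.xlsx.avos", "q2.xlsx.avos", "notes.txt"],
        "hr": ["staff.csv", "policy.pdf"],
        "shared": ["plan.docx.avos"],
    }
    for sub, names in layout.items():
        directory = os.path.join(root, sub)
        os.makedirs(directory)
        for name in names:
            with open(os.path.join(directory, name), "wb") as fh:
                fh.write(b"\x00" * 16)  # placeholder content, not real ciphertext
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print(f"{result.encrypted_files}/{result.total_files} files renamed "
          f"({result.ratio:.0%}); alert={result.alert}")
    for directory, count in result.by_directory.most_common():
        print(f"  {directory}: {count}")
```

Pointing `scan_tree` at a file share or backup mount gives a quick answer to "how far did it get" during triage; the per-directory counts also show which shares were touched first, which is useful when deciding what to restore from the offline backups recommended below.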
How to avoid it
To reduce exposure to AvosLocker, apply a combination of mitigations. These include:
- Maintain multiple backups in physically separate, segmented and secure locations.
- Implement network segmentation and keep offline, password-protected backups.
- Retain copies of critical data in locations separate from the systems where the data normally resides.
- Install operating system, software and firmware updates and patches in a timely manner.
- Disable unused ports.
- Use multi-factor authentication wherever possible, together with strong passwords.
Premium cyber security resources can help you fight ransomware. Check out CyberTalk.org’s ransomware prevention eBook.
Also, be sure to see CyberTalk.org’s latest ransomware articles:
- REvil ransomware gang returns, targeting new high-value victims (like you)
- How Hive ransomware Exchange server attacks could damage your business
- Ransomware on the rise in the public sector
Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.