
AvosLocker ransomware evades detection

Cyber Talk, cyber security resources

May 06 — In recent weeks, the US Federal Bureau of Investigation released an advisory pertaining to the AvosLocker ransomware. A new variant of the AvosLocker ransomware takes advantage of unpatched security flaws to sneak into systems. Once on a network, this version of AvosLocker disables antivirus solutions in order to evade detection.

AvosLocker ransomware

According to the advisory, AvosLocker has targeted organizations across multiple critical infrastructure sectors, from finance to critical manufacturing to government facilities.

The AvosLocker operators engage in double-extortion schemes. They encrypt files and demand a ransom to unlock the files. To increase the probability that a victim will pay, attackers threaten to leak the victim’s files on the darknet.

AvosLocker victims

The AvosLocker site plays host to many samples of stolen victim data. AvosLocker operators state that they have stolen data from targets in the US, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China and Taiwan.

How it works

AvosLocker ransomware starts out encrypting files on a target organization’s server. The files are then renamed with the .avos extension. Subsequently, the attackers send ransom notes to the victims, informing them of the need to pay the ransom. Attackers ask for payment in the cryptocurrency known as Monero, although Bitcoin is accepted for a 10-25% premium.

AvosLocker attackers have also been known to make phone calls to victims, directing them to the ransom payment portal. Victims have reported that, in some cases, attackers have been willing to negotiate payment sums.
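Because the files are renamed with the .avos extension, a burst of such renames on one host is a useful detection signal. The sketch below is an added example, not code from the advisory; the log line format, host names, threshold and time window are all assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-rename audit events; this line format is an assumption.
SAMPLE_LOG = r"""
2024-01-15T10:00:01 host=FS01 user=svc_backup old=D:\share\q1.xlsx new=D:\share\q1.xlsx.avos
2024-01-15T10:00:03 host=FS01 user=svc_backup old=D:\share\plan.docx new=D:\share\plan.docx.avos
2024-01-15T10:00:04 host=WS07 user=alice old=C:\Users\alice\draft.txt new=C:\Users\alice\final.txt
2024-01-15T10:00:05 host=FS01 user=svc_backup old=D:\share\hr data\staff.csv new=D:\share\hr data\staff.csv.avos
2024-01-15T10:00:06 host=FS01 user=svc_backup old=D:\share\logo.png new=D:\share\logo.png.avos
2024-01-15T10:01:00 host=FS02 user=bob old=E:\a.txt new=E:\a.txt.avos
2024-01-15T10:06:00 host=FS02 user=bob old=E:\b.txt new=E:\b.txt.avos
2024-01-15T10:12:00 host=FS02 user=bob old=E:\c.txt new=E:\c.txt.avos
this line is not a rename event
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=\S+ old=(?P<old>.+?) new=(?P<new>.+)$")

def parse(line):
    """Return (timestamp, host, old_path, new_path), or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return ts, m["host"], m["old"], m["new"]

def detect_avos_bursts(log_text, threshold=3, window=timedelta(seconds=60)):
    """Map each host to the time it first reached `threshold` renames to .avos within `window`."""
    recent = defaultdict(deque)   # host -> timestamps of recent .avos renames
    alerts = {}
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, host, old, new = event
        # Count only files that newly gain the extension, case-insensitively.
        if not new.lower().endswith(".avos") or old.lower().endswith(".avos"):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    print(detect_avos_bursts(SAMPLE_LOG))
```

On the constructed sample only FS01 is flagged: FS02's three renames are spread over eleven minutes, and WS07's rename does not involve the extension.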

How to avoid it

To avoid AvosLocker threats, leverage a series of mitigation tactics. These include:
