The Federal Bureau of Investigation (FBI) warns of AvosLocker ransomware being used in attacks targeting multiple US critical infrastructure sectors.
This was disclosed in a joint cybersecurity advisory published last week in coordination with the US Treasury Department and the Financial Crimes Enforcement Network (FinCEN).
"AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors," the FBI said.
AvosLocker is a Ransomware-as-a-service (RaaS) that first surfaced during the summer of 2021. It was discovered on underground forums where operators of the ransomware were promoting their operation and calling for ransomware affiliates to join them. Since then, the RaaS operation has seen a spike in activity, constantly hitting and encrypting at least a handful of victims each month. According to the FBI, AvosLocker representatives are allegedly calling their victims to direct them to a payment site to negotiate reduced ransom payments. In some cases, AvosLocker negotiators have threatened to launch denial-of-service (DDoS) attacks during negotiations. In the event that victims do not negotiate or refuse to pay the ransom, AvosLock actors will publish the victim’s exfiltrated data on AvosLocker’s public leak site.
The advisory published by the FBI has some useful mitigation measures which network defenders can refer to for preventing AvosLocker ransomware attacks. This includes segmenting networks, regularly backing up data, using multifactor authentication where possible, as well as keeping software up to date, especially Microsoft Exchange Server, a known attack vector used by AvosLocker affiliates.
Please refer to the advisory below for a comprehensive mitigation plan: https://www.ic3.gov/Media/News/2022/220318.pdf
Check out these Ransomware Fundamentals from ThreatAdvice: https://www.threatadvice.com/blog/ransomware-fundamentals
5 Steps Protect Yourself From Ransomware: https://www.threatadvice.com/blog/how-to-protect-yourself-from-ransomware-5-steps