AvosLocker and the affiliate group behind it appear to be ramping up their operations targeting critical infrastructure in the U.S., sparking a recent advisory from the FBI and FinCEN. The bulletin includes the malware's Indicators of Compromise (IoCs) and a warning that the criminal group seems to be focusing on financial services, critical manufacturing, government facilities and other critical industries.

First seen in late 2021, this aggressive ransomware is designed to quickly encrypt valuable data on compromised machines. Like most modern ransomware families, such as LokiLocker, AvosLocker is sold and distributed as Ransomware-as-a-Service (RaaS), which means the attack vectors and targets are dictated by the needs of whichever affiliate is operating the malware. This threat is not just Windows®-based. In early 2022, a Linux®-based variant of the malware was found that targets VMware ESXi Virtual Machine (VM) environments.

AvosLocker has adopted a common feature of modern ransomware: double extortion. This ploy involves attackers compromising the victim's environment and exfiltrating valuable data before the ransom attack is executed. Like the previously discussed malware family Karma, data pilfered by AvosLocker is often hosted on a .onion site reachable via the Tor browser. This tactic is meant to put additional pressure on affected organizations to pay the ransom demand, as the attackers will publish the sensitive data online if victims do not pay in time.

Disclaimer

BlackBerry Ltd. published this content on 07 April 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 07 April 2022 14:42:03 UTC.