AvosLocker, a ransomware-as-a-service menace that launched in July 2021, continues to attack US critical infrastructure, the US Federal Bureau of Investigation (FBI) has warned in an advisory.
The AvosLocker gang has targeted victims in the US within financial services, critical manufacturing, and government facilities, according to the FBI.
“AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets,” the FBI’s Internet Crime Center (IC3) reports.
AvosLocker hit the ransomware scene last year, cunningly using AnyDesk remote admin software in Windows Safe Mode to bypass anti-malware software. Palo Alto Networks assessed that AvosLocker is a marketing-savvy operation based on “press releases” it publishes on dark web forums to threaten victims and attract affiliates.
“AvosLocker offers technical support to help victims recover after they’ve been attacked with encryption software that the group claims is ‘fail-proof,’ has low detection rates and is capable of handling large files,” Palo Alto Networks said.
The gang claims to have caused havoc at organizations in the US, the UK, the UAE, Belgium, Spain and Lebanon, with ransom demands ranging from $50,000 to $75,000.