Security Intelligence
FBI Releases AvosLocker Ransomware Advisory
On March 17, the FBI, the U.S. Treasury Financial Crimes Enforcement Network and the Department of the Treasury released a joint cybersecurity advisory about AvosLocker, a ransomware-as-a-service (RaaS) affiliate-based group. According to the advisory, AvosLocker has targeted victims across multiple critical infrastructure sectors, including finance, critical manufacturing and government facilities.
AvosLocker engages in what some call ‘double extortion’. These attacks begin by encrypting files and demanding a ransom to unlock them. The attackers then also threaten to leak the victim’s files on the darknet.
The AvosLocker leak site has posted many samples of stolen victim data. The group claims to have stolen data from targets in the United States, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China and Taiwan. If a victim does not pay the ransom, AvosLocker threatens to sell the data to unspecified third parties.
How AvosLocker Ransomware Works
AvosLocker ransomware starts by encrypting files on a victim’s server. The files are then renamed with the .avos extension. Next, the threat actors send ransom notes to the victims with a link directing them to