AvosLocker ransomware attacks CI enterprises in the USA

The FBI has warned about the use of extortionate AvosLocker software by attackers in attacks on critical infrastructure enterprises in the United States.

“AvosLocker is a partnership-based group of Ransomware as a Service (RaaS) attacking victims in various sectors of critical infrastructure in the United States, including, but not limited to, financial services, critical manufacturing and government agencies. As a result, AvosLocker compromise indicators range from indicators specific to AvosLocker malware to indicators specific to a specific partner responsible for penetration,” the FBI document says.

AvosLocker was first discovered in the summer of 2021, when its creators actively advertised their service on underground forums and invited partners. The peak of its activity occurred in November-December last year, however, several organizations still become victims of the extortionist every month.

AvosLocker operators even call their victims to direct them to the site where the ransom payment is being negotiated. The first to practice this approach were the extortionists Sekhmet, Maze, Ryuk and Conti.

In some cases, during negotiations, extortionists threaten and carry out DDoS attacks if the victim does not want to cooperate.

In order not to become victims of AvosLocker, organizations are recommended to perform network segmentation, regularly make offline backups, update software, and especially Microsoft Exchange Server, since it is this software that AvosLocker operators use as an attack vector.