AvosLocker ransomware is found targeting US critical infrastructures

The FBI has warned US organizations that AvosLocker ransomware is found targeting US critical infrastructure sectors recently.

US Treasury Department and the Financial Crimes Enforcement Network (FinCEN), CISA and FBI has disclosed a join cybersecurity advisory this week on the same.

AvosLocker ransomware cybersecurity advisory from CISA

“AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors,” said the FBI.

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.”

The advisory has indicators of compromise (IOCs) that can be used to identify and handle AvosLocker ransomware payloads. This new ransomware was first identified in 2021, that was promoting their RaaS operation on black market and dark web market requesting for ransomware affiliates to join them. On Dec 2021, AvosLocker ransomware operators compromised US police department and gave away a free decryptor later.

The FBI also mentioned that the ransomware operators are now going one step ahead to call the victims directly and then directing them how to make the ransom payments. The tactic has been followed by other ransomware groups including Ryuk, Conti, Sekhmet and Maze.

In certain cases, the AvosLocker ransomware group is also seen launching DDOS attacks on the victims when they fail or hesitant to meet their ransom demands.

How to mitigate against AvosLocker ransomware?

Network administrators and security professionals are requested to implement network segmentation, backups, periodic patch deployments with special attention to MS Exchange Server that is found to be a key attack vector of AvosLocker hackers.

On a separate note, the FBI also warned of another ransomware attacks targeting 52 critical US infrastructure called ‘Ragnar Locker Ransomware’ that employs virtual machines to evade malware detection tools.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.