AvosLocker group is targeting US critical infrastructure, FBI says
The AvosLocker ransomware has targeted multiple victims across the country, according to the joint advisory [PDF] issued late last week by the FBI, Treasury Department and Financial Crimes Enforcement Network.
Palo Alto Networks' Unit 42 researchers in July 2021 wrote about an advertisement they saw on Dread, which they described as a "Reddit-like dark web discussion forum," for a new RaaS called AvosLocker, outlining features of the ransomware and letting affiliates who leverage the malware know that AvosLocker operators would handle the negotiation and extortion practices.
The group behind AvosLocker - dubbed "Avos" - also was seen trying to recruit people on the Russian forum XSS. Initially the ransomware targeted Windows-based machines, but Ghanshyam More, principal researcher at cybersecurity firm Qualys, wrote in a blog post earlier this month that a new variant of AvosLocker was seen attacking Linux systems.
In outlining the technical details of this AvosLocker group, the US agencies noted that the ransomware encrypts files on a victim's server and renames them with an ".
"Each of these ransomware groups uses unique victim identifiers to offer negotiation and 'support' while the victim tries to recover their data," Trend Micro researchers wrote in a blog post last year.
The public leak site lists victims of the ransomware as well as a sample of data allegedly stolen from the victim's network, giving organizations further proof of compromise.