Security News > 2022 > June > Avos ransomware threat actor updates its attack arsenal

A new report from Cisco Talos Intelligence Group exposes new tools used in Avos ransomware attacks.
The threat actor provides a control panel for the affiliates, a negotiation panel with push and sound notifications, decryption tests, and access to a diverse network of penetration testers, initial access brokers and other contacts.
AvosLocker has already targeted critical infrastructures in the US, such as financial services, manufacturing and government facilities, according to the FBI. The Avos team do not allow attacks against post-Soviet Union countries.
Once all reconnaissance and lateral movements have been completed, the attackers use a legitimate software deployment tool named PDQ Deploy to proliferate the ransomware and other tools across the target network.
In the past, Avos attacks have also revealed the use of other tools: the PuTTY Secure copy client tool, Rclone, Advanced IP scanner and WinLister.
Figure B. Avos victims who do not pay have their data sold, as stated on the Avos website: "All data is FOR SALE. Contact us with your offers. We only sell data to third parties if the owner of said data refuses to pay."
News URL
https://www.techrepublic.com/article/avos-ransomware-updates-attack/
Related news
- Casio says data of 8,500 people exposed in October ransomware attack (source)
- Preventing the next ransomware attack with help from AI (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- OneBlood confirms personal data stolen in July ransomware attack (source)
- Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M (source)
- Medusa ransomware group claims attack on UK's Gateshead Council (source)
- Ransomware attack forces Brit high school to shut doors (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Only 13% of organizations fully recover data after a ransomware attack (source)