Security News > 2022 > June > Avos ransomware threat actor updates its attack arsenal
A new report from Cisco Talos Intelligence Group exposes new tools used in Avos ransomware attacks.
The threat actor provides a control panel for the affiliates, a negotiation panel with push and sound notifications, decryption tests, and access to a diverse network of penetration testers, initial access brokers and other contacts.
AvosLocker has already targeted critical infrastructures in the US, such as financial services, manufacturing and government facilities, according to the FBI. The Avos team do not allow attacks against post-Soviet Union countries.
Once all reconnaissance and lateral movements have been completed, the attackers use a legitimate software deployment tool named PDQ Deploy to proliferate the ransomware and other tools across the target network.
In the past, Avos attacks have also revealed the use of other tools: the PuTTY Secure copy client tool, Rclone, Advanced IP scanner and WinLister.
Figure B. Avos victims who do not pay have their data sold, as stated on the Avos website: "All data is FOR SALE. Contact us with your offers. We only sell data to third parties if the owner of said data refuses to pay."
- Ransomware attacks still the #1 threat to businesses and organizations (source)
- US agricultural machinery maker AGCO hit by ransomware attack (source)
- Costa Rica declares national emergency after Conti ransomware attacks (source)
- Colonial Pipeline faces nearly $1m fine one year after ransomware attack (source)
- Lincoln College to close after 157 years due ransomware attack (source)
- Conti Ransomware Attack Spurs State of Emergency in Costa Rica (source)
- Ransomware: How executives should prepare given the current threat landscape (source)
- Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (source)
- Engineering firm Parker discloses data breach after ransomware attack (source)
- Higher education institutions being targeted for ransomware attacks (source)