Security News > 2022 > June > Avos ransomware threat actor updates its attack arsenal

Avos ransomware threat actor updates its attack arsenal
2022-06-23 13:50

A new report from Cisco Talos Intelligence Group exposes new tools used in Avos ransomware attacks.

The threat actor provides a control panel for the affiliates, a negotiation panel with push and sound notifications, decryption tests, and access to a diverse network of penetration testers, initial access brokers and other contacts.

AvosLocker has already targeted critical infrastructures in the US, such as financial services, manufacturing and government facilities, according to the FBI. The Avos team do not allow attacks against post-Soviet Union countries.

Once all reconnaissance and lateral movements have been completed, the attackers use a legitimate software deployment tool named PDQ Deploy to proliferate the ransomware and other tools across the target network.

In the past, Avos attacks have also revealed the use of other tools: the PuTTY Secure copy client tool, Rclone, Advanced IP scanner and WinLister.

Figure B. Avos victims who do not pay have their data sold, as stated on the Avos website: "All data is FOR SALE. Contact us with your offers. We only sell data to third parties if the owner of said data refuses to pay."

News URL