FBI shares AvosLocker ransomware technical details, defense tips

Security News, October 2023

The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell and batch scripts.
AvosLocker ransomware affiliates are known to use legitimate software and open-source code for remote system administration to compromise and exfiltrate data from enterprise networks.
The FBI observed the threat actors using custom PowerShell, web shells, and batch scripts to move laterally on the network, increase their privileges, and disable security agents on the systems.
Using details from the investigation of "an advanced digital forensics group," the FBI created a YARA rule to detect NetMonitor malware on a network.
The current cybersecurity advisory adds to the information provided in a previous one released in mid-March, which notes that some AvosLocker ransomware attacks exploited vulnerabilities in on-premises Microsoft Exchange servers.
FBI: Avoslocker ransomware targets US critical infrastructure.