Security News > 2023 > October > FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch scripts.
AvosLocker ransomware affiliates are known to use legitimate software and open-source code for remote system administration to compromise and exfiltrate data from enterprise networks.
The FBI observed the threat actors using custom PowerShell, web shells, and batch scripts to move laterally on the network, increase their privileges, and to disable security agents on the systems.
Using details from the investigation of "An advanced digital forensics group," the FBI created the YARA rule below to detect NetMonitor malware on a network.
The current cybersecurity advisory adds to the information provided in a previous one released in mid-March, which notes that some AvosLocker ransomware attacks exploited vulnerabilities in on-premise Microsoft Exchange servers.
FBI: Avoslocker ransomware targets US critical infrastructure.