One early morning in July, the City of Geneva suffered a data breach on its website and online data systems. Two days later, a new ransomware group listed Geneva on its dedicated leak site. Dubbed AvosLocker, this ransomware gang is now on the lookout for more partners.

What’s going on?

The ransomware first came to light in late June. Its operators are now searching for affiliates via several underground forums. Their recruitment announcement indicates that they are looking for hackers who have remote access to hacked infrastructure.

About AvosLocker

  • Although not too sophisticated, the ransomware has already claimed several victims.
  • The attacker deploys AvosLocker manually on compromised machines. In addition, the ransomware does not come with any protective/crypter layer.
  • As the delivery model of the ransomware requires manual access, data exfiltration is possibly conducted manually.
  • The malware uses string obfuscation and leverages two encryption algorithms - symmetric: AES and asymmetric: AES.

Everyone wants a partner

AvosLocker is not alone in its endeavor to find affiliates.
  • The LockBit gang launched an upgraded version of the ransomware—LockBit 2.0—and announced a new affiliate recruitment session.
  • Himalaya, a relatively new ransomware, was found promoting its RaaS operation on its website, at the same time as LockBit.

The bottom line

As the notorious REvil gang is still hidden, other threat actors are active in the quest to fill the void. These kinds of attacks have become way too common and several industries are impacted on a daily basis. Hence, amp up your cybersecurity defenses and stay safe.

Cyware Publisher
