In a joint advisory, the FBI, the Treasury Department, and FinCEN have warned about ongoing AvosLocker ransomware attacks. The advisory includes indicators of compromise (IOCs) that defenders can use to detect and block the activity.
The joint advisory
According to the advisory, AvosLocker has targeted victims across multiple U.S. critical infrastructure sectors, including financial services, critical manufacturing, and government facilities.
In some cases, the operators called victims by phone, urging them to visit the group's .onion negotiation site and threatening to leak the stolen data.
In other cases, the group threatened, and sometimes launched, Distributed Denial-of-Service (DDoS) attacks during negotiations to pressure victims who refused to meet its demands.
Targeted countries
The group's leak site lists victims in the U.S., Syria, Saudi Arabia, the UAE, Spain, Belgium, Turkey, the U.K., Germany, China, Taiwan, and Canada.
About AvosLocker
AvosLocker is an affiliate-based Ransomware-as-a-Service (RaaS) operation. Its core group claims to handle ransom negotiations directly and to publish and host stolen victim data after its affiliates compromise targets.
Since January 2022, the group has also supported targeting Linux systems, in particular VMware ESXi servers.
Because of this RaaS model, the published IOCs are a mix: some are tied to the core developers, while others are specific to the affiliate behind a given intrusion, so no single victim should expect every indicator to apply.
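The following is an added example, not code from the advisory or this article, showing how a responder might operationalize an IOC list of this shape: match the indicators against log lines and keep the developer/affiliate tag on each hit so it is clear which class of indicator fired. Every indicator and log line here is a constructed placeholder (RFC 5737 test addresses, a dummy hash, a made-up .onion name); substitute the advisory's actual IOCs before use.

```python
"""Match a tagged IOC list against log lines.

All indicators and log lines in this file are constructed placeholders
for illustration; none of them come from the joint advisory.
"""
import re
from dataclasses import dataclass

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:onion|[a-z]{2,})\b", re.IGNORECASE)

# Hypothetical indicator table: value -> (type, source).
# "developer" marks an indicator tied to the core RaaS operators,
# "affiliate" one tied to a particular affiliate's intrusion.
IOCS = {
    "192.0.2.10": ("ipv4", "affiliate"),            # RFC 5737 test address
    "198.51.100.7": ("ipv4", "developer"),          # RFC 5737 test address
    "negotiate-example.onion": ("domain", "developer"),
    "0" * 63 + "1": ("sha256", "developer"),        # dummy hash
}


@dataclass(frozen=True)
class Hit:
    line_no: int
    ioc_type: str
    value: str
    source: str


def extract(line):
    """Return every IP, SHA-256 and domain-like token in a line, lowercased."""
    found = set()
    for rx in (IPV4_RE, SHA256_RE, DOMAIN_RE):
        for m in rx.findall(line):
            found.add(m.lower())
    return found


def scan(lines):
    """Return one Hit per (line, indicator) pair that matches the IOC table."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in sorted(extract(line)):
            if tok in IOCS:
                ioc_type, source = IOCS[tok]
                hits.append(Hit(n, ioc_type, tok, source))
    return hits


def summarize(hits):
    """Count hits per source so the responder can see whether developer-level
    or affiliate-level indicators fired."""
    counts = {"developer": 0, "affiliate": 0}
    for h in hits:
        counts[h.source] += 1
    return counts


# Constructed sample log lines (firewall, DNS and EDR style).
SAMPLE_LOGS = [
    "2022-03-17T10:01:02Z fw allow src=10.0.0.5 dst=192.0.2.10 dport=443",
    "2022-03-17T10:01:09Z dns query host01 negotiate-example.onion",
    "2022-03-17T10:02:31Z edr file-create C:\\temp\\x.exe sha256=" + "0" * 63 + "1",
    "2022-03-17T10:03:00Z fw allow src=10.0.0.5 dst=203.0.113.9 dport=80",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        print(f"line {h.line_no}: {h.ioc_type} {h.value} ({h.source})")
    print(summarize(found))
```

Run stand-alone it reports three hits on the sample lines (one affiliate, two developer) and no hit on the benign fourth line. Because affiliate-specific indicators only apply to intrusions by that affiliate, a match on developer-tagged indicators is the stronger signal that the core AvosLocker operation is involved; affiliate-tagged hits should prompt a look at the rest of that affiliate's tradecraft rather than be dismissed when other indicators are absent.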
What to do?
The advisory lists several mitigations against AvosLocker attacks, including implementing a recovery plan that retains copies of sensitive data, segmenting the network, regularly backing up data, keeping antivirus software up to date, applying patches, and auditing user accounts, among other measures.