
AvosLocker Ransomware Advisory Releases from the FBI

Posted by Marbenz Antonio on May 9, 2022


On March 17, 2022, the FBI, the U.S. Department of the Treasury, and Treasury's Financial Crimes Enforcement Network (FinCEN) released a joint cybersecurity advisory on AvosLocker, a Ransomware-as-a-Service (RaaS) affiliate-based group. According to the advisory, AvosLocker has targeted victims across multiple critical infrastructure sectors, including financial services, critical manufacturing, and government facilities.

AvosLocker practices what is commonly called "double extortion." The attack first encrypts files and demands a ransom to decrypt them; the attackers then threaten to publish the data they stole from the victim on the darknet if the ransom is not paid.

AvosLocker's leak site has published samples of data stolen from many victims. According to the group's own postings, the data came from targets in the United States, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China, and Taiwan. If the ransom is not paid, AvosLocker threatens to sell the data to unspecified third parties.

How Does AvosLocker Ransomware Work?

AvosLocker ransomware encrypts files on the victim's server and renames them with the .avos extension. The threat actors then place ransom notes on the victim's server that include a link to an AvosLocker .onion payment site. Payment in Monero is preferred; Bitcoin is accepted at a 10% to 25% premium.

According to the FBI, AvosLocker actors may also telephone victims to direct them to the payment site. Some victims report that the actors are willing to negotiate lower ransom payments.
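The two on-disk traces described above, files renamed with the .avos extension and a ransom note pointing at a .onion site, are enough for a quick triage script. The following is an added example, not code from the advisory or from CourseMonster: the directory it scans is constructed in a temporary folder for the demo, the escalation threshold is a hypothetical choice, and the note file name and onion address are made up rather than real AvosLocker artifacts.

```python
"""Triage helper for AvosLocker-style impact: counts files renamed with
".avos" and finds small text files that carry a .onion link (ransom notes).
Added example; the sample tree is constructed in a temp dir. Nothing here is
a real sample or a real AvosLocker artifact beyond the ".avos" extension."""
import os
import re
import tempfile
from dataclasses import dataclass, field

AVOS_EXT = ".avos"
# v2 (16 chars) and v3 (56 chars) onion hostnames use the base32 alphabet only.
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)
MAX_NOTE_BYTES = 64 * 1024  # ransom notes are small; skip bulky files


@dataclass
class Triage:
    total_files: int = 0
    encrypted: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)

    @property
    def encrypted_ratio(self) -> float:
        return len(self.encrypted) / self.total_files if self.total_files else 0.0

    def verdict(self, threshold: float = 0.25) -> str:
        # Hypothetical threshold: a quarter of the tree renamed, or any note, escalates.
        if self.ransom_notes or self.encrypted_ratio >= threshold:
            return "ESCALATE: encryption impact consistent with AvosLocker"
        if self.encrypted:
            return "REVIEW: isolated .avos files, confirm they are not benign"
        return "CLEAN: no .avos files or ransom notes found"


def scan_tree(root: str) -> Triage:
    """Walk a tree once, classifying each file as renamed, note, or untouched."""
    t = Triage()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            t.total_files += 1
            if name.lower().endswith(AVOS_EXT):
                t.encrypted.append(path)
                continue
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable or vanished file; not fatal for triage
            if ONION_RE.search(text):
                t.ransom_notes.append(path)
    return t


def build_demo_tree() -> str:
    """Constructed sample: three renamed files, one note, one untouched file."""
    root = tempfile.mkdtemp(prefix="avos_demo_")
    for name in ("report.docx.avos", "ledger.xlsx.avos", "backup.zip.avos"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(os.urandom(32))  # stands in for ciphertext
    with open(os.path.join(root, "ransom_note.txt"), "w") as fh:
        fh.write("Your files are encrypted. Pay at http://avoslockerdemo22222222.onion/\n")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("unrelated text, no link here\n")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    result = scan_tree(demo_root)
    print(f"{len(result.encrypted)}/{result.total_files} files renamed, "
          f"{len(result.ransom_notes)} note(s): {result.verdict()}")
```

Run it against a mounted image or a suspect share rather than the live host where possible; the scan only reads files, but walking a tree on a machine that is still encrypting competes with the malware for I/O and changes timestamps you may later want for the timeline.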

Vulnerabilities Connected With AvosLocker

Several reports identify unpatched on-premises Microsoft Exchange Server as a likely intrusion vector. The CVEs named in the advisory are the ProxyShell chain (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) and the ProxyLogon server-side request forgery CVE-2021-26855; all four were fixed by Exchange security updates released in 2021. The intrusion vector in any given attack likely depends on the skill set of the AvosLocker affiliate conducting it, so Exchange should not be treated as the only entry point to defend.
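As an added check (example code, not from the advisory or from CourseMonster), the script below scans IIS W3C logs from an on-premises Exchange server for the ProxyShell path-confusion pattern behind CVE-2021-34473: a request to /autodiscover/autodiscover.json whose query either begins with "@" or points back at "autodiscover.json?@", typically followed by a backend path such as /mapi/nspi or /powershell. The log lines are constructed, the IP addresses are documentation ranges, and the matching rules are the example's own reading of that pattern rather than indicators published with the advisory. Legitimate Autodiscover requests also contain "@" (in the Email parameter), so the rules deliberately do not key on "@" alone.

```python
"""Flag ProxyShell (CVE-2021-34473) path-confusion attempts in IIS W3C logs.
Added example with constructed log lines; the field list mirrors the default
IIS layout, minus a few columns, so the parser reads the #Fields header rather
than assuming positions."""
from urllib.parse import unquote

# Constructed sample: one benign OWA hit, two exploit-shaped requests from the
# same client, and one legitimate Autodiscover lookup that must NOT match.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-03-10 09:12:01 10.0.0.5 GET /owa/ - 443 - 192.0.2.10 Mozilla/5.0 200
2022-03-10 09:12:44 10.0.0.5 GET /autodiscover/autodiscover.json @example.invalid/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@example.invalid 443 - 198.51.100.7 python-requests/2.27 200
2022-03-10 09:13:02 10.0.0.5 POST /autodiscover/autodiscover.json @example.invalid/powershell/ 443 - 198.51.100.7 python-requests/2.27 200
2022-03-10 09:15:00 10.0.0.5 GET /autodiscover/autodiscover.json Email=user@example.invalid&Protocol=Autodiscoverv1 443 - 192.0.2.11 Outlook/16.0 200
"""

# Backend endpoints an attacker reaches through the confused Autodiscover path.
BACKEND_PATHS = ("/mapi/", "/powershell", "/ews/", "/ecp/")


def parse_iis_w3c(text: str):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # malformed or truncated record; skip rather than misalign
        yield dict(zip(fields, values))


def proxyshell_indicators(rec: dict) -> list:
    """Return the reasons a record looks like ProxyShell path confusion."""
    stem = rec.get("cs-uri-stem", "").lower()
    if not stem.endswith("/autodiscover/autodiscover.json"):
        return []
    query = rec.get("cs-uri-query", "")
    query = "" if query == "-" else unquote(query)  # %3F -> ? etc.
    ql = query.lower()
    hits = []
    if query.startswith("@"):
        hits.append("query begins with '@' (frontend and backend see different URLs)")
    if "autodiscover.json?@" in ql:
        hits.append("Email= points back at autodiscover.json?@ (CVE-2021-34473 pivot)")
    for p in BACKEND_PATHS:
        if p in ql:
            hits.append(f"backend path {p} reached via Autodiscover")
            break
    return hits


def find_proxyshell_attempts(text: str) -> list:
    findings = []
    for rec in parse_iis_w3c(text):
        indicators = proxyshell_indicators(rec)
        if indicators:
            findings.append({
                "time": f"{rec['date']} {rec['time']}",
                "src": rec["c-ip"],
                "method": rec["cs-method"],
                "status": rec["sc-status"],
                "indicators": indicators,
            })
    return findings


if __name__ == "__main__":
    for f in find_proxyshell_attempts(SAMPLE_IIS_LOG):
        print(f"{f['time']} {f['src']} {f['method']} sc-status={f['status']}")
        for reason in f["indicators"]:
            print(f"    - {reason}")
```

Point it at the real files under %SystemDrive%\inetpub\logs\LogFiles\W3SVC1\ (the default IIS location) and treat an HTTP 200 on a matching request as confirmed reachability, not merely an attempt. The ProxyLogon SSRF (CVE-2021-26855) abused a cookie that default IIS logs do not record, so a clean result here says nothing about that CVE; the Exchange build number against Microsoft's patch table is the check that covers all four.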

Mitigating AvosLocker Threats

The joint advisory recommends a number of mitigations against AvosLocker attacks. They include:

  • Implement a recovery plan that keeps multiple copies of sensitive or proprietary data and servers in physically separate, segmented, secure locations (hard drive, storage device, the cloud).
  • Maintain offline, password-protected backups and segment the network, so that an attack causes limited interruption to the organization.
  • Keep copies of critical data separate from the system where the data resides.
  • Install and regularly update antivirus software on all hosts, and enable real-time detection.
  • Install operating system, software, and firmware updates and patches as soon as they are released, and stay informed about new ones.
  • Review domain controllers, servers, workstations, and Active Directory for new or unrecognized user accounts.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Grant admin access only to those who need it, and only for as long as they need it.
  • Disable unused ports.
  • Consider adding an email banner to messages received from outside your organization.
  • Disable hyperlinks in received emails.
  • Use multi-factor authentication where possible.
  • Use strong passwords, change them regularly, and do not reuse passwords across network accounts and services.
  • Require administrator credentials to install software.
  • Use only secure networks and avoid public Wi-Fi networks. Consider installing and using a virtual private network (VPN).
  • Focus on cybersecurity awareness and training, including ransomware and phishing scams.

Here at CourseMonster, we know how hard it can be to find the right time and funds for training. We provide effective training programs that let you select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com
