FBI Releases AvosLocker Ransomware Advisory – Security Intelligence

On March 17, the FBI, the U.S. Treasury Financial Crimes Enforcement Network and the Department of the Treasury released a joint cybersecurity advisory about AvosLocker, a ransomware-as-a-service (RaaS) affiliate-based group. According to the advisory, AvosLocker has targeted victims across multiple critical infrastructure sectors, including finance, critical manufacturing and government facilities.

AvosLocker engages in what some call ‘double extortion’. These attacks begin by encrypting files and demanding a ransom to unlock the files. Then, the attackers threaten to leak the victim’s files on the darknet.

The AvosLocker leak site has posted many samples of stolen victim data. The group claims to have stolen data from targets in the United States, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China and Taiwan. If a victim does not pay the ransom, AvosLocker threatens to sell the data to unspecified third parties.

How AvosLocker Ransomware Works

AvosLocker ransomware starts by encrypting files on a victim’s server. The files are then renamed with the .avos extension. Next, the threat actors send ransom notes to the victims with a link directing them to an AvosLocker .onion payment site. Payments in Monero are preferred; however, Bitcoin is accepted for a 10-25% premium.
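The one concrete host-level indicator the article gives is the rename to the .avos extension. The following check, added here as an example and not part of the advisory or the original article, walks a directory tree and flags a mass appearance of that extension; the alert ratio, the helper names and the constructed sample tree are assumptions of this example, not values from the advisory.

```python
"""Detect the AvosLocker file-renaming indicator described above.

Added example, not part of the original advisory or article. It scans a
directory tree and reports files carrying the .avos extension the article
names; the alert threshold and the sample tree used in the demo are assumptions.
"""
import os
import tempfile
from collections import Counter

RANSOM_EXT = ".avos"  # extension named in the advisory summary above


def scan_for_avos(root, alert_ratio=0.05):
    """Walk `root` and return (hits, total, alert).

    hits  - list of paths ending in .avos
    total - number of regular files seen
    alert - True when at least one hit exists and hits/total >= alert_ratio,
            so a handful of oddly named files does not fire, but a mass
            rename does (the 5% default is an assumption, tune per share).
    """
    hits = []
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            if name.lower().endswith(RANSOM_EXT):
                hits.append(os.path.join(dirpath, name))
    alert = bool(hits) and (len(hits) / total) >= alert_ratio
    return hits, total, alert


def extension_histogram(root):
    """Count file extensions under root; a sudden dominant .avos bucket is the tell."""
    counts = Counter()
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            _stem, ext = os.path.splitext(name)
            counts[ext.lower() or "<none>"] += 1
    return counts


def build_sample_tree(encrypted_fraction):
    """Create a constructed directory tree for the demo (assumption: 40 files)."""
    root = tempfile.mkdtemp(prefix="avos_demo_")
    n_enc = int(40 * encrypted_fraction)
    for i in range(40):
        name = f"report_{i}.docx"
        if i < n_enc:
            name += RANSOM_EXT  # mimics the rename the article describes
        with open(os.path.join(root, name), "w") as fh:
            fh.write("placeholder\n")
    return root


if __name__ == "__main__":
    clean = build_sample_tree(0.0)
    hit = build_sample_tree(0.5)
    for label, path in (("clean", clean), ("encrypted", hit)):
        hits, total, alert = scan_for_avos(path)
        print(f"{label}: {len(hits)}/{total} .avos files, alert={alert}")
        print(extension_histogram(path).most_common(3))
```

Run it against a file share or a backup staging area on a schedule; the histogram is useful because the extension is visible long before the ransom note reaches anyone, and a ratio-based alert survives the odd legitimately named file.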

The FBI also states that AvosLocker actors may make phone calls to victims to direct them to the ransom payment site. Some victims have reported that AvosLocker threat actors are willing to negotiate reduced ransom payments.

Vulnerabilities Connected With AvosLocker

Multiple reports have identified on-premises Microsoft Exchange Server vulnerabilities as the likely intrusion vector. Specific vulnerabilities include the ProxyShell vulnerabilities associated with CVE-2021-31207, CVE-2021-34523, CVE-2021-34473 and CVE-2021-26855. The sophistication of the intrusion vector likely correlates with the skill set of the AvosLocker affiliate who started the attack.

Mitigating AvosLocker Threats

To thwart AvosLocker attacks, the joint advisory offers a variety of mitigation tactics. They include:

  • Maintain multiple copies of sensitive or proprietary data and servers in physically separate, segmented and secure locations (hard drive, storage device, the cloud).
  • Implement network segmentation and maintain offline, password-protected data backups. This limits disruption in case of an attack.
  • Keep copies of critical data separate from the system where the data resides.
  • Install and update antivirus software on all hosts and enable real-time detection.
  • Install updates and patches to operating systems, software and firmware in a timely manner and stay informed about new updates and patches.
  • Review domain controllers, servers, workstations and Active Directory for new or unknown user accounts.
  • Audit and configure user accounts with least privilege in mind. Limit admin privileges to those who need them and only for as long as they need them.
  • Disable unused ports.
  • Consider adding an email banner to emails received from outside your organization.
  • Disable all hyperlinks in received emails.
  • Use multi-factor authentication where possible.
  • Use strong passwords, change passwords often and do not reuse passwords across network systems and accounts.
  • Require admin credentials to install software.
  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network.
  • Focus on awareness and training about ransomware and phishing scams.
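The account-review and least-privilege items in the list above are easiest to act on as a diff against a recorded baseline. The following is an added example, not code from the advisory or the article: it compares a current account inventory with a baseline snapshot and reports accounts that are new or unknown, accounts that gained administrative rights, and disabled accounts that are enabled again. The `Account` record, the `audit_accounts` helper and the sample data are constructed for this example; in practice the inventories would come from whatever directory or local account export you already collect.

```python
"""Baseline account audit for the review step in the mitigation list above.

Added example, not from the advisory or the article. It diffs a current
account inventory against a recorded baseline and reports new or unknown
accounts, accounts that gained administrative privilege and accounts that
were re-enabled. The inventory format and the sample data are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    enabled: bool
    is_admin: bool


def audit_accounts(baseline, current):
    """Return a dict of sorted findings keyed by category.

    new_accounts - present now, absent from the baseline (new or unknown users)
    new_admins   - known accounts that did not hold admin rights at baseline
    reenabled    - accounts disabled at baseline that are enabled now
    """
    base = {a.name.lower(): a for a in baseline}  # account names are case-insensitive
    findings = {"new_accounts": [], "new_admins": [], "reenabled": []}
    for acct in current:
        prev = base.get(acct.name.lower())
        if prev is None:
            findings["new_accounts"].append(acct.name)
            continue
        if acct.is_admin and not prev.is_admin:
            findings["new_admins"].append(acct.name)
        if acct.enabled and not prev.enabled:
            findings["reenabled"].append(acct.name)
    for names in findings.values():
        names.sort()
    return findings


# Constructed sample data: a baseline snapshot and a later inventory.
BASELINE = [
    Account("Administrator", enabled=False, is_admin=True),
    Account("svc_backup", enabled=True, is_admin=False),
    Account("jdoe", enabled=True, is_admin=False),
]
CURRENT = [
    Account("Administrator", enabled=True, is_admin=True),  # re-enabled
    Account("svc_backup", enabled=True, is_admin=True),      # gained admin
    Account("jdoe", enabled=True, is_admin=False),           # unchanged
    Account("support01", enabled=True, is_admin=True),       # not in baseline
]

if __name__ == "__main__":
    for category, names in audit_accounts(BASELINE, CURRENT).items():
        print(f"{category}: {names}")
```

Refresh the baseline only after each finding has been explained by a ticket or an owner; an unexplained administrative account on a domain controller is exactly what the advisory's review step is meant to surface.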

Additional Resources Against Ransomware

The FBI also provides other resources to help fight against ransomware. These include CISA’s Stop Ransomware site and CISA’s Ransomware Guide.


Source of this news: https://securityintelligence.com/news/fbi-releases-avoslocker-ransomware-advisory/

