AvosLocker Ransomware Strikes Critical Infrastructure
Table of Contents
- By Patrick Ryan
- Mar 25, 2022
The ransomware attacks launched by AvosLocker are taking a toll on the United States’ critically important infrastructure. The attacks are serious enough to warrant attention from the FBI. FBI representatives state affiliates of the ransomware operation are using a litany of digital attacks to compromise targets and possibly posing a threat to national security.
The FBI recently created a cybersecurity advisory with the assistance of the Treasury Department to detail AvosLocker attacks. The advisory alerts companies in a wide array of sectors about the ransomware group’s tactics and touches on lines of defense against the digital threat.
What is AvosLocker all About?
AvosLocker is best described as a potent ransomware-as-a-service operation. The operation has compromised victims spanning a plethora of the country’s critical infrastructure sectors.
Which Sectors Does AvosLocker Target?
AvosLocker is zeroing in victims within important sectors that are fundamental to the operation and success of the United States economy. AvosLocker targets sectors ranging from government to manufacturing, financial services, and beyond.
Why is AvosLocker Considered a Ransomware-as-a-Service Program?
AvosLocker’s operations are labeled with the acronym of RaaS as its hackers create malware that is crypto locking. The operation also recruits affiliates who employ malicious code to infiltrate targeted computers.
AvosLocker publishes and hosts the information stolen from victims after its affiliates successfully infiltrate targeted computers, servers, and other devices. The affiliate typically receives about 75% of the ransom money. The remainder of the money is provided to AvosLocker.
What is an Example of an AvosLocker Attack?
AvosLocker attacks first zeroed in on comparably small firms back in the summer of 2021. The hackers focused on small businesses, including law firms, real estate companies, and logistics businesses based in the United States, Europe, and the United Kingdom. The hacking collective initially restricted ransom payments to monero cryptocurrency.
Fast forward to the winter of 2021, and AvosLocker was implementing ransomware attacks through a network of affiliates. The group has even gone as far as displaying interest in purchasing access to private networks on dark web discussion forums.
AvosLocker attacks are inconsistent as the group outsources digital infiltrations through affiliates. However, some compromised targets have traced the group’s attacks to initial exploits within Microsoft Exchange email server weaknesses that allow unauthorized access to the internal network. AvosLocker attacks are also characterized by software of the adversary-simulation variety, the swapping of encrypted files, and the encoding of PowerShell scripts.
Who is AvosLocker Targeting Now?
Digital security researchers indicate AvosLocker has expressed interest in obtaining access to the private networks of businesses with revenue in excess of $50 million per year as those businesses are most likely to pay the requested ransom. However, some of AvosLocker’s affiliates are still likely to target comparably small businesses as their digital defenses aren’t as robust as those of multinational corporations.
Is It Prudent to Pay the Requested Ransom?
There is no easy answer to this question. Victims who refuse to pony up the AvosLocker ransom face the prospect of their private data being leaked on the internet. The stolen data is slowly leaked to the public, little by little, to convince the target to pay the ransom.
AvosLocker hackers pick up the phone and directly contact representatives of the targeted business to discuss ransom payments. This potential nightmare scenario should be motivation enough to upgrade your digital defenses before your business becomes the next ransomware statistic.