The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly released a Cybersecurity Advisory (CSA) addressing the persistent threat of ransomware. This CSA focuses specifically on the AvosLocker ransomware. The advisory equips organizations with the information they need to identify Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with this particular ransomware family.
Presentation of AvosLocker: A Ransomware as a Service (RaaS) Menace
AvosLocker is a well-known Ransomware as a Service (RaaS) operation that works with affiliates. Its operators have targeted multiple critical infrastructure sectors in the United States, including Financial Services, Critical Manufacturing, and Government Facilities. AvosLocker both handles ransom negotiations and serves as a platform for publishing and hosting exfiltrated victim data, which compounds the impact on the organizations it hits.
The Operation of AvosLocker: Technical Considerations
The AvosLocker ransomware encrypts files on the victim's servers and appends the “.avos” extension to each encrypted file. After encryption, the operators leave ransom notes on the victim's server, each containing a link to the AvosLocker payment site. Payment is typically demanded in Monero, although Bitcoin is also accepted for an additional fee. Shockingly, purported AvosLocker representatives have been reported calling victims, directing them to the payment site, and even negotiating ransom amounts over the phone.
The ransomware runs on Windows and is written in C++. It accepts a range of optional command-line arguments that let the operators alter specific aspects of its behavior.
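The encryption behavior described above, a rapid run of files being written with the “.avos” extension, is something defenders can look for in file-activity telemetry. The following script is an added example and is not code from the advisory or from any vendor; it applies a sliding-window rate check over constructed sample log lines in an assumed “timestamp host event path” format, raising one alert per host once a threshold of “.avos” writes is reached within a time window, and summarizes which directories were hit so the incident can be scoped. The window length and threshold are assumptions that a real deployment would tune.

```python
"""Rate-based detection of AvosLocker-style file encryption from file-event logs.

Added example, not part of the FBI/CISA advisory. The log format below
("<ISO timestamp> <host> <event> <path>") is an assumption, as are the
window length and alert threshold.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SUSPECT_EXTENSION = ".avos"      # extension appended by AvosLocker (from the advisory)
WINDOW = timedelta(seconds=60)   # assumption: sliding-window length
THRESHOLD = 5                    # assumption: suspect writes per host per window that trigger an alert

# Constructed sample telemetry (not real data): a burst of encrypted-file writes
# on one file server, plus a single isolated write on a workstation.
SAMPLE_LOG = """\
2023-10-11T09:00:01Z fileserver01 CREATE C:\\Shares\\Finance\\Q3 report.xlsx.avos
2023-10-11T09:00:02Z fileserver01 CREATE C:\\Shares\\Finance\\budget.docx.avos
2023-10-11T09:00:03Z fileserver01 CREATE C:\\Shares\\HR\\payroll.csv.avos
2023-10-11T09:00:04Z fileserver01 CREATE C:\\Shares\\HR\\contracts.pdf.avos
2023-10-11T09:00:05Z fileserver01 CREATE C:\\Shares\\HR\\handbook.pdf.avos
2023-10-11T09:00:06Z fileserver01 CREATE C:\\Shares\\HR\\org chart.pptx.avos
2023-10-11T09:15:00Z workstation07 CREATE C:\\Users\\alice\\notes.txt
2023-10-11T09:20:00Z workstation07 CREATE C:\\Users\\alice\\archive.zip.avos
"""


def parse_line(line):
    """Split one log line into (timestamp, host, event, path); the path may contain spaces."""
    ts, host, event, path = line.split(" ", 3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, event, path


def iter_events(log_text):
    """Yield parsed events, skipping blank lines."""
    for line in log_text.splitlines():
        if line.strip():
            yield parse_line(line)


def detect_encryption_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return [(host, first_timestamp, count)] alerts, at most one per host.

    A host is flagged the first time `threshold` files with the suspect
    extension are created within any `window`-long interval.
    """
    recent = defaultdict(deque)   # host -> timestamps of recent suspect writes
    alerted = set()
    alerts = []
    for ts, host, event, path in iter_events(log_text):
        if event != "CREATE" or not path.lower().endswith(SUSPECT_EXTENSION):
            continue
        q = recent[host]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and host not in alerted:
            alerted.add(host)
            alerts.append((host, q[0], len(q)))
    return alerts


def affected_directories(log_text):
    """Count suspect-extension writes per (host, parent directory) to scope the incident."""
    counts = defaultdict(int)
    for _ts, host, _event, path in iter_events(log_text):
        if path.lower().endswith(SUSPECT_EXTENSION):
            parent = path.rsplit("\\", 1)[0]
            counts[(host, parent)] += 1
    return dict(counts)


if __name__ == "__main__":
    for host, first_seen, count in detect_encryption_bursts(SAMPLE_LOG):
        print(f"ALERT {host}: {count} '{SUSPECT_EXTENSION}' writes since {first_seen.isoformat()}")
    for (host, directory), count in sorted(affected_directories(SAMPLE_LOG).items()):
        print(f"  {host} {directory}: {count} encrypted file(s)")
```

The per-host window means a single renamed file on a workstation does not page anyone, while a file server losing several files a second does; in practice the same logic would be fed from EDR or file-server audit events rather than a text log, and the extension list would be extended to other known ransomware suffixes.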
Unveiling the Extent of the Threat: Geographical Reach and Data Exposure
AvosLocker ransomware has claimed victims in many countries, including the United States, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China, and Taiwan. The threat is made worse by the fact that the AvosLocker operators claim they will sell stolen data to unnamed third parties if victims refuse to pay the ransom.
The Approaches and Targets of AvosLocker: Risks and Intrusion Vectors
According to victim reports, AvosLocker most likely gains initial access by exploiting vulnerabilities in on-premises Microsoft Exchange Servers. The vulnerabilities identified, namely CVE-2021-31207, CVE-2021-34523, CVE-2021-34473, and CVE-2021-26855, are the likely points of entry. This underscores how important it is to apply patches promptly and to put strong security controls in place against these well-known vulnerabilities.
Taking a Stand: Best Practices and Mitigations
Given the evolving nature of this threat, organizations must take a proactive approach to protecting their systems and data. To strengthen defenses against ransomware, organizations should maintain a complete recovery plan, keep secure and segmented backups, keep antivirus software up to date, and enforce strong password policies.
Network segmentation, user account auditing, and cybersecurity training for users are all essential elements of a robust cybersecurity plan.
In the ongoing struggle against ransomware, the importance of teamwork and information sharing cannot be overstated, as these factors play a crucial role in enabling enterprises to proactively mitigate cyber threats such as AvosLocker. It is imperative to remain well-informed and maintain a cautious attitude in order to collectively combat the issue of ransomware.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the content field in an unusual way: he began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines that interest with a love of narrative, which makes him an effective writer in the cybersecurity field. He also writes frequently for Craw Security.