Several US authorities issued an alert warning of the threat to critical national infrastructure (CNI) providers from the AvosLocker ransomware group.

The group is a ransomware-as-a-service affiliate operation known for targeting financial services, manufacturing and government entities, as well as other sectors, the report indicated.

AvosLocker seems to be geographically indiscriminate, with some victims hailing from the US, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the UK, Canada, China and Taiwan.

The report, Indicators of Compromise Associated with AvosLocker Ransomware, was co-authored by the FBI, the Treasury and the latter’s Financial Crimes Enforcement Network (FinCEN).

The report was designed to help network defenders spot and mitigate the IoCs indicating an AvosLocker attack.

While many AvosLocker affiliates use double extortion techniques to force payment, some groups using the malware variant have taken a more proactive approach.

“In some cases, AvosLocker victims receive phone calls from an AvosLocker representative. The caller encourages the victim to go to the onion site to negotiate and threatens to post stolen data online,” the advisory said. “In some cases, AvosLocker actors will threaten and execute distributed denial-of-service (DDoS) attacks during negotiations.”


The post AvosLocker ransomware hits critical infrastructure appeared first on IT Security Guru.

