AvosLocker Striking Critical Infrastructure Targets
Several US authorities have released a new alert warning of the threat to critical national infrastructure (CNI) providers from the AvosLocker ransomware group.
The ransomware-as-a-service affiliate operation is targeting financial services, manufacturing and government entities, as well as organizations in other sectors, the report revealed.
Victims reportedly hail from all over the globe, including the US, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the UK, Canada, China and Taiwan.
While double extortion is a common tactic used by affiliates to force payment, some groups using the malware variant have taken an even more hands-on approach.
“In some cases, AvosLocker victims receive phone calls from an AvosLocker representative. The caller encourages the victim to go to the onion site to negotiate and threatens to post stolen data online,” the advisory said. “In some cases, AvosLocker actors will threaten and execute distributed denial-of-service (DDoS) attacks during negotiations.”
The report, Indicators of Compromise Associated with AvosLocker Ransomware, was co-authored by the FBI, the Treasury and the latter’s Financial Crimes Enforcement Network (FinCEN). As the name suggests, it’s designed to help network defenders spot and mitigate the IoCs indicating an AvosLocker attack.
However, these will vary depending on the affiliate group involved, the report admitted.
IoCs include: persistence mechanisms such as modification of Windows Registry “Run” keys and the use of scheduled tasks; abuse of legitimate tooling such as Cobalt Strike, PowerShell, WinLister and AnyDesk; and targeting of on-premises Microsoft Exchange servers with ProxyShell exploits.
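To show how a defender might triage the persistence IoC classes the advisory lists (Run keys and scheduled tasks) alongside the PowerShell and AnyDesk abuse it mentions, here is an added example that is not from the advisory or this article. The `reg query` and `schtasks` output it parses is constructed sample text, and the scoring rules are generic triage heuristics, not AvosLocker indicators.

```python
"""Triage pass over Run-key and scheduled-task entries. Sample inputs are
constructed; the rules are generic triage heuristics, not AvosLocker signatures."""
import csv
import io
import re

# Constructed sample in the shape of `reg query HKCU\...\Run` output (not from a real host)
RUN_KEY_DUMP = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    powershell.exe -nop -w hidden -enc SQBFAFgA...
    Helper      REG_SZ    C:\Users\alice\AppData\Local\Temp\svc.exe
"""
# Constructed sample in the shape of `schtasks /query /fo CSV /v` (two columns kept)
TASK_CSV = """TaskName,Task To Run
\\Microsoft\\Windows\\Defrag\\ScheduledDefrag,%windir%\\system32\\defrag.exe -c -h -o -$
\\SysHelper,C:\\ProgramData\\anydesk.exe --silent
"""
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.I)
ENCODED_PS = re.compile(r"powershell(\.exe)?.*\s-(e|enc|encodedcommand)\b", re.I)
REMOTE_TOOLS = ("anydesk",)  # tool named in the advisory; extend per site policy

def score(command: str) -> list[str]:
    # Return the heuristic flags a command line trips; empty means nothing suspicious
    flags = []
    if USER_WRITABLE.search(command):
        flags.append("runs from user-writable path")
    if ENCODED_PS.search(command):
        flags.append("encoded PowerShell")
    if any(tool in command.lower() for tool in REMOTE_TOOLS):
        flags.append("remote-access tool")
    return flags

def parse_run_keys(dump: str) -> list[tuple[str, str]]:
    """Extract (value name, command) pairs from reg query output lines."""
    pairs = []
    for line in dump.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.*)", line)
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs

def parse_tasks(csv_text: str) -> list[tuple[str, str]]:
    # Extract (task name, command) pairs from schtasks CSV output
    return [(r["TaskName"], r["Task To Run"]) for r in csv.DictReader(io.StringIO(csv_text))]

def triage(run_dump: str = RUN_KEY_DUMP, task_csv: str = TASK_CSV) -> dict[str, list[str]]:
    """Map each persistence entry that trips a heuristic to the flags it tripped."""
    return {name: flags for name, cmd in parse_run_keys(run_dump) + parse_tasks(task_csv)
            if (flags := score(cmd))}
```

Feeding real `reg query` and `schtasks /query /fo CSV /v` output through the two parsers gives a quick first pass; anything flagged still needs review against the host's known baseline.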
The report concluded with a long list of mitigations, including network segmentation, prompt patching, multi-factor authentication and the disabling of unused ports.
AvosLocker hasn’t always targeted critical infrastructure. In October last year, it hit Chicago-based confectionery maker Ferrara just before Halloween.