The Federal Bureau of Investigation (FBI), the US Treasury Department, and FinCEN have released a joint advisory warning of an increase in cases of AvosLocker ransomware targeting critical US infrastructure. Along with critical infrastructure, other industries that have been on the radar of the threat actors behind AvosLocker include financial services, critical manufacturing sectors, and government facilities. While negotiations were ongoing, the threat actors threatened organizations with Distributed Denial of Service (DDoS) attacks along with leaking data. The AvosLocker leak site shows victims not only from the US but also from other countries, including Syria, Saudi Arabia, the UAE, Spain, Belgium, Turkey, the U.K., Germany, China, Taiwan, and Canada.
In previous engagements, AvosLocker primarily targeted Linux-based systems. Since AvosLocker operates as a Ransomware-as-a-Service (RaaS), Indicators of Compromise (IOCs) tend to differ based on the developer and what or whom they are targeting. The joint advisory mentions several countermeasures, including a recovery plan for sensitive data, network segmentation, backup of data, updating antivirus software, applying patches, and auditing user accounts, among others.