AvosLocker Ransomware Striking Critical Infrastructure Targets
US authorities have issued a new alert regarding the threat to critical infrastructure providers from the AvosLocker ransomware group, which has targeted victims across the globe. In addition to US targets, AvosLocker has launched attacks against organizations in Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the UK, Canada, China, Taiwan, and more. The prolific advanced persistent threat group operates as a ransomware-as-a-service affiliate operation, and typically targets financial services and government entities. AvosLocker frequently deploys double extortion tactics to achieve its goals; however, some groups using its malware variant have taken a hands-on approach in their attacks.
According to security researchers, some AvosLocker victims receive calls from a representative of the APT. The caller allegedly encourages the victim to negotiate and threatens to post stolen data online if the victim does not comply. In certain cases, security researchers have observed AvosLocker actors executing distributed denial-of-service attacks during these negotiations. However, the attack method varies depending on the affiliate group involved. US critical infrastructure organizations should remain diligent in their cybersecurity practices to address the ongoing threat.