The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a comprehensive joint cybersecurity advisory to combat the rising threat of ransomware.
This advisory aims to raise awareness of the AvosLocker ransomware, providing essential information to help users and experts better understand this malicious variant and bolster their defenses against it. The release is part of a broader initiative, #StopRansomware, focused on sharing critical technical details related to ransomware operations.
AvosLocker, a ransomware-as-a-service (RaaS) variant, debuted on the threat landscape in September 2021 and has steadily broadened its targeting. Since January, the criminal group has incorporated encryption mechanisms specifically targeting Linux systems, including VMware ESXi servers.
This contrasts with many similar operations that primarily focus on Windows systems. The criminal operators even advertised a variant of their malicious tool, AvosLinux, designed to support Linux and ESXi servers.
The joint cybersecurity advisory sheds light on AvosLocker's tactics, techniques and procedures (TTPs), including indicators of compromise (IOCs).
It reveals that AvosLocker affiliates gain initial access to victims' networks using a combination of open-source remote system administration tools and legitimate software, quietly penetrating network defenses. The advisory lists various tools and methods employed by the perpetrators, such as:
Security experts have observed AvosLocker affiliates executing privilege escalation, lateral movement and the disabling of antivirus software on compromised networks. This is achieved through the use of PowerShell and batch (.BAT) scripts and custom webshells for network access.
The FBI and CISA have offered crucial recommendations for organizations to defend against AvosLocker and similar threats. These include:
Additionally, specialized software like Bitdefender Ultimate Security can detect anomalous activity on vulnerable systems and mitigate attacks.
Regular data backups, including cold backup copies stored offline, ensure data availability in case of system encryption. Encrypting sensitive documents is also effective against data leaks, preventing perpetrators from exploiting them for extortion.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.