
Recent AD News

Ransomware-as-a-Service group targets critical US assets

In a recently released cybersecurity advisory, the FBI revealed that AvosLocker, the Ransomware-as-a-Service (RaaS) group that surfaced in mid-2021, was responsible for targeting US-based critical infrastructure across multiple sectors. The statement was jointly authored by the US Treasury Department and the Financial Crimes Enforcement Network (FinCEN).

The press release also shed light on the modus operandi of the RaaS group, stating that:

 AvosLocker ransomware encrypts files on a victim’s server and renames them with the “.avos” extension. AvosLocker actors then place ransom notes on the victim server and include a link to an AvosLocker .onion payment site. Depending upon the affiliate, payments in Monero are preferred; however, they accept Bitcoin for a 10-25% premium. We have also observed alleged AvosLocker representatives make phone calls to the victims to direct them to the payment site to negotiate. Multiple victims have also reported that AvosLocker negotiators have been willing to negotiate reduced ransom payments.

The statement also included the indicators of compromise (IOCs) that follow a possible AvosLocker attack, along with the mitigation strategies that must be implemented to prevent its unauthorized entry into a network.

The AvosLocker leak site claims to have targeted victims in the United States, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the United Kingdom, Canada, China, and Taiwan.

AvosLocker broke into the threat landscape in December 2021, when Bleeping Computer reported that the ransomware aims to disable endpoint security solutions by booting compromised devices into Windows safe mode, since security functions are dormant by default in that mode.
