Yesterday, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly issued a Cybersecurity Advisory publishing indicators of compromise (IOCs) associated with the AvosLocker ransomware, as announced in a post on Twitter.
The #FBI and @CISAgov released a joint #CyberSecurityAdvisory to publicize indicators of compromise (IOCs) associated with AvosLocker ransomware, which has targeted critical infrastructure sectors. Click to read and help #StopRansomware: https://t.co/Z6Qov0fiG3 pic.twitter.com/kZNq7L1yL2
— FBI Los Angeles (@FBILosAngeles) October 11, 2023
According to the #StopRansomware advisory, which draws on FBI investigations as of May 2023, AvosLocker affiliates have targeted critical infrastructure sectors in the U.S. in recent months. The advisory notes that the ransomware targets Windows, Linux, and VMware ESXi environments and operates under a ransomware-as-a-service (RaaS) model.
A notable characteristic of AvosLocker operations is the affiliates' use of legitimate software and open-source administration tools to gain access to victims' networks. Once inside, the affiliates exfiltrate data and threaten to leak or publish the stolen data to add pressure to their ransom demands.
The joint Cybersecurity Advisory details the known IOCs and the tactics, techniques, and procedures (TTPs) associated with AvosLocker. It is part of the ongoing #StopRansomware campaign, which provides network defenders with information and resources to counter these threats.
Although ransomware attacks are common, the extent to which AvosLocker affiliates have targeted critical infrastructure sectors raises fresh concern about the potential for disruption.