Indicators of Compromise Associated with AvosLocker Ransomware

There’s a new joint Cybersecurity Advisory (Product ID: CU-000164-MW) out this week.

SUMMARY
AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets. As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.

Access the full advisory on ic3.gov.

IVF provider Genea notifies patients about the cyberattack earlier this year.
Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine
Legal Silence and Chilling Effects: Injunctions Against the Press in Cybersecurity
#StopRansomware: Interlock
Suspected XSS Forum Admin Arrested in Ukraine
Two more entities have folded after ransomware attacks

Related: