Several US authorities issued an alert warning of the threat to critical national infrastructure (CNI) providers from the AvosLocker ransomware group.
The group is a ransomware-as-a-service affiliate operation known for targeting financial services, manufacturing and government entities, as well as other sectors, the report indicated.
AvosLocker seems to be geographically indiscriminate, with some victims hailing from the US, Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the United Arab Emirates, the UK, Canada, China and Taiwan.
The report, Indicators of Compromise Associated with AvosLocker Ransomware, was co-authored by the FBI, the Treasury and the latter’s Financial Crimes Enforcement Network (FinCEN).
The report was designed to help network defenders spot and mitigate the IoCs indicating an AvosLocker attack.
While many AvosLocker affiliates use double extortion techniques to force payment, some groups using the malware variant have taken a more proactive approach.
“In some cases, AvosLocker victims receive phone calls from an AvosLocker representative. The caller encourages the victim to go to the onion site to negotiate and threatens to post stolen data online,” the advisory said. “In some cases, AvosLocker actors will threaten and execute distributed denial-of-service (DDoS) attacks during negotiations.”