Threat Alert
Critical Infrastructure
AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group targeting critical infrastructure sectors globally, including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors.
AvosLocker ransomware encrypts files on a victim’s server and renames them with the “.avos” extension. AvosLocker actors then place ransom notes on the victim server and include a link to an AvosLocker .onion payment site.
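The rename behavior described above gives defenders a simple signal to watch for: a burst of files on one host gaining the ".avos" extension. The sketch below is an added example, not part of the original alert; the event tuple layout, host names, paths, window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

AVOS_EXT = ".avos"               # extension named in the alert
WINDOW = timedelta(seconds=60)   # assumed tuning value
THRESHOLD = 3                    # assumed tuning value, kept low for the sample

# Constructed sample rename events: (ISO timestamp, host, old path, new path)
SAMPLE_EVENTS = [
    ("2022-03-21T02:14:05", "FS01", r"D:\shares\q1.xlsx", r"D:\shares\q1.xlsx.avos"),
    ("2022-03-21T02:14:09", "FS01", r"D:\shares\hr.docx", r"D:\shares\hr.docx.AVOS"),
    ("2022-03-21T02:14:20", "FS01", r"D:\shares\db.bak", r"D:\shares\db.bak.avos"),
    ("2022-03-21T02:15:00", "WS07", r"C:\tmp\a.tmp", r"C:\tmp\a.txt"),
    ("2022-03-21T02:16:00", "WS07", r"C:\lab\sample.bin", r"C:\lab\sample.avos"),
    ("2022-03-21T03:00:00", "FS02", r"E:\a.pdf", r"E:\a.pdf.avos"),
    ("2022-03-21T03:10:00", "FS02", r"E:\b.pdf", r"E:\b.pdf.avos"),
    ("2022-03-21T03:20:00", "FS02", r"E:\c.pdf", r"E:\c.pdf.avos"),
]

def is_avos_rename(old, new):
    """True when a rename gives the file the .avos extension (case-insensitive)."""
    old_ext = PureWindowsPath(old).suffix.lower()
    new_ext = PureWindowsPath(new).suffix.lower()
    return new_ext == AVOS_EXT and old_ext != AVOS_EXT

def detect_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Map each host to the first time `threshold` .avos renames fell inside `window`."""
    recent = defaultdict(deque)   # per-host timestamps of recent .avos renames
    alerts = {}
    for ts, host, old, new in sorted(events):
        if not is_avos_rename(old, new):
            continue
        now = datetime.fromisoformat(ts)
        queue = recent[host]
        queue.append(now)
        while now - queue[0] > window:   # drop renames older than the window
            queue.popleft()
        if len(queue) >= threshold and host not in alerts:
            alerts[host] = now
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {THRESHOLD}+ renames to {AVOS_EXT} within {WINDOW} at {when}")
```

Only FS01 alerts on the sample data: WS07 has a single matching rename and FS02's renames are spread too far apart, which shows why a rate threshold matters more than the extension match alone.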
Of all critical infrastructure sectors reportedly victimized by ransomware in 2021, the Healthcare and Public Health, Financial Services, and Information Technology sectors were the most frequent victims. Phishing emails, RDP exploitation, and exploitation of software vulnerabilities remained the top three initial infection vectors for ransomware incidents in 2021.
For more information on AvosLocker, see the FBI Joint Cybersecurity Advisory.
Keywords: Cyber Security, Critical Infrastructure, AvosLocker, phishing, ransomware