AvosLocker Ransomware: FBI and CISA’s Rising Security Concerns
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory warning about the rising prevalence of AvosLocker ransomware attacks. This sophisticated type of malware encrypts files and systems, making them inaccessible until a ransom is paid.
First published in March 2022 as part of CISA’s ‘Stop Ransomware’ campaign, the advisory has been periodically updated with new indicators of compromise, the latest being from January to May this year. This initiative forms part of the National Security Agency (NSA) and CISA’s joint efforts to bolster national cybersecurity measures.
The advisory offers indicators of compromise and detection methods for AvosLocker, alongside a YARA rule for evaluating potentially compromised software. Significantly, software developers are urged to adopt secure-by-design and secure-by-default principles to tackle ransomware attacks.
Furthermore, a rising trend of dual ransomware attacks has been observed, where separate attacks occur against the same victim within 10 days. These attacks usually involve different ransomware variants, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.
In light of these mounting threats, the FBI encourages individuals to promptly report suspicious activities, providing as many specifics as possible, such as time, location, affected equipment, and the nature of the activity.
To mitigate these risks, the FBI makes several recommendations. These include maintaining offline backups of data, encrypting all backup data, reviewing the security measures of third parties and vendors, and establishing protocols to execute only known and allowed programs.
The warning from CISA and the FBI underlines the importance of regular cybersecurity evaluations and audits to discover and correct any misconfigurations. By proactively addressing these, organizations can significantly lower their risk of falling victim to AvosLocker and similar cyber threats.