U.S. critical infrastructure organizations across several industries — including government, financial services, and critical manufacturing — are being targeted by the AvosLocker ransomware-as-a-service operation, SecurityWeek reports.
The FBI and the Treasury Department have issued a joint advisory warning that threat actors have already leveraged AvosLocker to attack organizations in the U.S., Canada, Germany, Spain, United Arab Emirates, Syria, Saudi Arabia, Belgium, Turkey, Taiwan, and the U.K.
The advisory includes not only indicators of compromise for AvosLocker attacks but also information on the tools the attackers use and the security vulnerabilities they exploit. The FBI and the Treasury Department also offered mitigation approaches and other resources that could be used against AvosLocker attacks.
"AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets. As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion," said the advisory.