Ransomware
New federal advisory on AvosLocker ransomware issued
An updated joint cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency and the FBI details more of the tools used by AvosLocker ransomware affiliates, who are known for combining open-source and legitimate software in their operations, reports BleepingComputer.
Aside from using custom PowerShell, batch scripts, and web shells to facilitate lateral network movement and privilege escalation, AvosLocker affiliates have also been using various remote administration tools, open-source network tunneling utilities, and adversary emulation frameworks, as well as credential harvesting and data exfiltration tools, according to the advisory. AvosLocker affiliates were also observed using RDP Scanner, Notepad++, 7-Zip, PsExec, and Nltest in their intrusions, as well as the NetMonitor malware, which masquerades as a network monitoring tool.
With various critical infrastructure entities across the U.S. already compromised by AvosLocker, CISA and the FBI have urged organizations to adopt application control mechanisms, limit access to remote desktop services, and keep software and code updated to prevent compromise.