(RightWing.org) – The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) work together to help Americans guard against the ever-expanding and evolving cybercrime threat and the persistent challenge of ransomware attacks on infrastructure, national security, public and private industry, companies, and individuals. Those agencies recently released a warning about the latest cyberattack threat.
On October 11, the FBI and CISA announced their release of a joint Cybersecurity Advisory (CSA), warning critical infrastructure components about the rising threat of AvosLocker. Unlike traditional ransomware programs, AvosLocker operates as a consortium of affiliated cybercrime gangs and organizations using Ransomware as a Service (RaaS).
This group targets multiple aspects of American infrastructure, such as government facilities, essential manufacturing operations, and financial services. Acting as a sort of cyber overlord over the group’s affiliated entities, AvosLocker provides a launch platform for various ransomware attacks and hosts stolen/ransomed/hacked victim data, intensifying the short- and long-term impact of RaaS attacks on businesses and industry.
Likewise, AvosLocker has a history of using Distributed Denial of Service (DDoS) to pressure victims like Big Tech giants Google, Cloudflare, and Amazon into paying large ransoms. There is mounting concern among experts that this consortium of cybercriminals could trigger widespread disruptions to services vital to American infrastructure by taking down the businesses and services that operate on those companies’ systems.
Last year, Google reported that it sustained the largest DDoS attack in its history. However, in August, the company blocked “an even larger attack,” a whopping 7.5 times larger than the previous record holder. Similarly, Cloudflare recently reported an attack that was “three times larger” than any other it had sustained before.
The joint CSA updates a previous alert issued by CISA, the FBI, and the Treasury Department’s Financial Crimes Enforcement Network on March 17, 2022. This new warning provides additional information regarding known AvosLocker detection methods discovered “as recently as May 2023.”
The CSA also provides helpful information for potential victims regarding AvosLocker’s tactics, techniques, and procedures (TTPs). Likewise, it includes information about the service’s known indicators of compromise (IOCs) to help essential operations defend against and detect AvosLocker’s ransomware variants.
The consortium’s ransomware is written in the C++ programming language and targets Windows-based operating systems. Its systems use various command-line parameters that enable consortium members to alter specific functions within essential industries and governmental entities.
CISA and the FBI encouraged critical infrastructure groups to quickly implement the recommendations included in the CSA’s Mitigation section to “reduce the likelihood and impact” of the consortium’s ransomware attacks.
Copyright 2023, RightWing.org