AvosLocker

Malware updated 15 days ago (2024-08-23T20:19:50.703Z)

Download STIX

Preview STIX

AvosLocker is a type of malware, specifically ransomware, known for its malicious intent to exploit and damage computer systems. This software often infiltrates systems undetected through suspicious downloads, emails, or websites, subsequently causing disruption in operations, theft of personal information, or holding data hostage for ransom. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently published an advisory concerning AvosLocker, indicating its increased threat level and prominence in cybercrime activities. Threat intelligence firm RedSense identified AvosLocker last year as part of a cluster of Conti offshoots, which include Black Basta, BlackBye, Karakurt, Royal Zeon, and Silent Ransom Group. These associated ransomware groups are known to feed data exfiltration to each other, creating a network of malicious activity. Furthermore, AvosLocker has been noted by researchers for its use in various ransomware operations alongside other notorious ransomware such as MedusaLocker, BlackCat, Trigona, and LockBit. Cybersecurity company SentinelOne observed that AvosLocker often appears in attacks along with payloads like BlackCat and LockBit. This suggests that AvosLocker is frequently used in conjunction with other malware types, enhancing its potential to cause significant harm. The repeated advisories from the FBI and CISA on AvosLocker underscore its ongoing threat to cybersecurity, warranting heightened vigilance and robust protective measures against this malicious software.

Description last updated: 2024-08-23T20:16:39.203Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Karakurt	4	Karakurt is a malicious software (malware) utilized by cybercriminals for data theft and extortion. It was revealed as the data extortion arm of the Conti cybercrime syndicate, with links to ITG23 affiliates. Karakurt has been associated with numerous attacks, including those carried out by Quantum,
Hive	4	Hive is a malicious software (malware) that has been used by the cybercriminal group, Hunters International, to launch ransomware attacks since October of last year. The group operates as a ransomware-as-a-service (RaaS) provider, spreading Hive rapidly through collaborations with less sophisticated
Conti	3	Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Lateral Move...

RaaS

Ransom

Extortion

Linux

Antivirus

Rootkit

Windows

Encryption

Exploit

Malware

Esxi

Exploits

CISA

Fbi

Backdoor

Bitcoin

Rmm

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
Black Basta	Unspecified	4	Black Basta is a notorious malware group known for its ransomware activities. The group has been active since at least early 2022, during which time it has accumulated an estimated $107 million in Bitcoin ransom payments. It leverages malicious software to infiltrate and exploit computer systems, of
REvil	Unspecified	2	REvil is a type of malware, specifically ransomware, that has been linked to significant cyber attacks. It emerged as part of the Ransomware as a Service (RaaS) model that gained popularity in 2020. This model established relationships between first-stage malware and subsequent ransomware attacks, s
Cuba Ransomware	Unspecified	2	The Cuba ransomware is a malicious software that first appeared on cybersecurity radars in late 2020 under the name "Tropical Scorpius." It is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once insi

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

ID	Type	Votes	Profile Description
Alphv	Unspecified	4	Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op
Blackmatter	Unspecified	2	BlackMatter is a recognized threat actor in the cybersecurity industry, notorious for its malicious activities and the execution of ransomware attacks. The group initially operated as DarkSide, responsible for the high-profile Colonial Pipeline attack in May 2021, which led to significant attention

Source Document References

Information about the AvosLocker Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	15 days ago	Karakurt Ransomware Group Suspect Appears in US Courtroom
Securityaffairs	a month ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	a month ago	security-affairs-malware-newsletter-round-5
Securityaffairs	2 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	2 months ago	FIN7 group advertises new EDR bypass tool on hacking forums
Securityaffairs	2 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	2 months ago	FIN7 group advertises new EDR bypass tool on hacking forums
DARKReading	2 months ago	Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes
Securityaffairs	2 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	2 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	2 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	5 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	5 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini