AvosLocker

Malware updated 3 months ago (2024-08-23T20:19:50.703Z)
AvosLocker is ransomware: malware that infiltrates computer systems, typically through malicious downloads, emails, or websites, and then disrupts operations, steals personal information, or holds data hostage for ransom. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory on AvosLocker, reflecting its increased threat level and prominence in cybercrime. Threat intelligence firm RedSense identified AvosLocker last year as part of a cluster of Conti offshoots that includes Black Basta, BlackByte, Karakurt, Royal, Zeon, and Silent Ransom Group; these groups are known to feed exfiltrated data to one another, forming a network of malicious activity. Researchers have also observed AvosLocker in ransomware operations alongside other notorious families such as MedusaLocker, BlackCat, Trigona, and LockBit, and SentinelOne reported that AvosLocker often appears in attacks together with BlackCat and LockBit payloads. This co-deployment with other malware increases the harm it can cause. The repeated FBI and CISA advisories underscore AvosLocker's ongoing threat and warrant heightened vigilance and robust protective measures against it.
Description last updated: 2024-08-23T20:16:39.203Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias | Description | Votes
Karakurt | Karakurt is a possible alias for AvosLocker. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a… | 4
Hive | Hive is a possible alias for AvosLocker. Hive is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It often enters undetected through dubious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. In one notable incident, an enti… | 4
Conti | Conti is a possible alias for AvosLocker. Conti is a type of malware, specifically ransomware, that was designed to infiltrate computer systems, disrupt operations, and potentially hold data hostage for ransom. It has been linked to various ransomware groups such as Quantum, MountLocker, and the notorious Conti ransomware gang. The software… | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Lateral Move...
RaaS
Ransom
Extortion
Linux
Antivirus
Rootkit
Windows
Encryption
Exploit
Malware
ESXi
Exploits
CISA
FBI
Backdoor
Bitcoin
RMM
Vulnerability
Associated Malware
Alias | Description | Association Type | Votes
Black Basta | The Black Basta Malware is associated with AvosLocker. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses… | Unspecified | 4
REvil | The REvil Malware is associated with AvosLocker. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th… | Unspecified | 2
Cuba Ransomware | The Cuba Ransomware Malware is associated with AvosLocker. The Cuba ransomware is a malicious software that first appeared on cybersecurity radars in late 2020 under the name "Tropical Scorpius." It is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's knowledge. Once insi… | Unspecified | 2
Associated Threat Actors
Alias | Description | Association Type | Votes
Alphv | The Alphv Threat Actor is associated with AvosLocker. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB… | Unspecified | 4
Blackmatter | The Blackmatter Threat Actor is associated with AvosLocker. BlackMatter, a threat actor in the cybersecurity realm, is known for its malicious activities and has been linked to several ransomware strains. The group emerged as a successor to the DarkSide ransomware, which was responsible for the high-profile attack on the Colonial Pipeline in May 2021. Howeve… | Unspecified | 2
Source Document References
Information about the AvosLocker malware was read from the documents corpus below. This display is limited to 20 results.
Source Link | Created At
BankInfoSecurity | 3 months ago
Securityaffairs | 3 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
DARKReading | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 6 months ago
Securityaffairs | 7 months ago
Securityaffairs | 7 months ago
Securityaffairs | 7 months ago
Securityaffairs | 7 months ago
Securityaffairs | 8 months ago
Securityaffairs | 8 months ago