Critical U.S. infrastructure targeted by AvosLocker ransomware

Recently, the Federal Bureau of Investigation (FBI) and the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) released a joint advisory regarding the threat of AvosLocker ransomware on U.S. infrastructure. Additionally, the advisory contains indicators of compromise related to AvosLocker and recommended mitigations.

What is AvosLocker? 

AvosLocker is a Ransomware-as-a-Service (RaaS) affiliate-based group. It has targeted multiple sectors, including but not limited to the financial services, critical manufacturing, and government facility sectors. 

AvosLocker sells ransomware to affiliates who subsequently launch cyberattacks against organizations. AvosLocker services directly handle ransom negotiations and publish stolen data if the ransom is not paid. Critical U.S. infrastructure organizations targeted by AvosLocker ransomware are at risk.

How to recognize AvosLocker ransomware

The exact techniques, tactics, and procedures (TTPs) for executing the ransomware attack vary since different affiliates use AvosLocker. There are many possible TTPs that affiliates have used to gain access to a network.

However, many victims have identified Microsoft Exchange Server vulnerabilities as the likely intrusion vector. In addition, some of these vulnerabilities have had a patch available from May to June 2020, further proving the importance of ensuring all software is updated to the latest version. It is important to note that Paubox Email Suite improves the cybersecurity of Microsoft 365.

There are a few indicators of compromise that remain the same no matter how the affiliate exploits a network system. These include:

  • Encryption and ransom demand linked to AvosLocker
  • Data published on the AvosLocker leak site if a ransom is not paid
  • Phone calls from AvosLocker representatives to pay the ransom or negotiate
  • Threats and executions of distributed denial-of-service (DDoS) attacks during negotiations

How can organizations protect themselves from AvosLocker?

The joint advisory lists 16 recommendations to mitigate the risk of AvosLocker ransomware.

Some of the recommendations are:

A proactive multi-layered approach to cybersecurity may be the best way to protect your network and systems from the threat of a cyberattack.

How Paubox can help critical U.S. infrastructure targeted by AvosLocker ransomware

While technical cybersecurity tools are essential, healthcare organizations should also consider the threat of social engineering scams and human error from employees. 

Sometimes all it takes for a cybercriminal to launch ransomware successfully is a carefully crafted phishing email, and organizations should prepare themselves for this possibility. After all, research shows that 85% of data breaches are caused by human error.

Paubox Email Suite Plus is the HIPAA compliant solution to protect your employees from malicious emails like phishing, spam, viruses, and malware. Our HITRUST CSF certified software can flag suspicious emails and quarantine them safely away from your employees’ inboxes.

Paubox has other tools to protect your organization. ExecProtect provides security from display name spoofing. DomainAge will spot emails with recently registered domain names and quarantine them. It also includes Zero Trust Email, which requires an additional layer of authentication before delivering an email.

Robust inbound email security is practically a necessity for companies these days. Keeping your security updated helps ensure the protection of your network.

Try Paubox Email Suite Plus for FREE today.
About the author

Sara Nguyen
