18 matches found
ROFBS$Α$: Real Time Backup System Decoupled from ML Based Ransomware Detection
This study introduces ROFBS$α$, a new defense architecture that addresses delays in detection in ransomware detectors based on machine learning. It builds on our earlier Real Time Open File Backup System, ROFBS, by adopting an asynchronous design that separates backup operations from detection...
In-Depth Analysis of AvosLocker Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary AvosLocker also known as Avos, is a ransomware-as-a-service that targets critical infrastructure organizations, primarily in the US, and has expanded to target both Windows and Linux systems. Its...
FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure
The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency CISA and...
FBI and CISA Release Update on AvosLocker Advisory
Today, the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA released a joint Cybersecurity Advisory CSA, StopRansomware: AvosLocker Ransomware Update to disseminate known indicators of compromise IOCs, tactics, techniques, and procedures TTPs, and...
Avos ransomware group expands with new attack arsenal
By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident...
“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
Microsoft has warned that "multiple adversaries and nation-state actors" are making use of the recent Atlassian Confluence RCE vulnerability. A fix is now available for CVE-2022-26134. It is essential users of Confluence address the patching issue immediately. Confluence vulnerability: Background...
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down its attack infrastructure in favor of migrating their malicious cyber activities to other ancillary operations, including Karakurt and BlackByte. "From the...
AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection
Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. "This is the first sample we observed from the U.S. with the capability to...
AvosLocker Ransomware Variant Abuses Driver File to Disable Antivirus, Scans for Log4shell
We found an AvosLocker ransomware variant using a legitimate antivirus component to disable detection and blocking solutions...
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
We found an AvosLocker ransomware variant using a legitimate anti-virus component to disable detection and blocking solutions...
Weekly Threat Digest: 21 – 27 March 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 340 10 5 53 24 84 The fourth week of March 2022 witnessed the discovery of 340 vulnerabilities out of which 10...
AvosLocker Ransomware group has targeted 50+ Organizations Worldwide
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency released threat advisories on AvosLocker Ransomware. It is a Ransomware as a Service RaaS affiliate-based group that has targeted 50+...
FBI and FinCEN Release Advisory on AvosLocker Ransomware
The Federal Bureau of Investigation FBI and the Department of the Treasury’s Financial Crimes Enforcement Network FinCEN have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based...
AvosLocker ransomware uses Microsoft Exchange Server vulnerabilities, says FBI
The FBI has issued an advisory about the AvosLocker ransomware. Notably the FBI has noticed that several victims have reported Microsoft Exchange Server vulnerabilities as the intrusion vector. AvosLocker is a Ransomware as a Service RaaS affiliate-based group that has targeted victims across...
AvosLocker Ransomware Behavior Examined on Windows & Linux
AvosLocker is a ransomware group that was identified in 2021, specifically targeting Windows machines. Now a new variant of AvosLocker malware is also targeting Linux environments. In this blog, we examine the behavior of these two AvosLocker Ransomware in detail. AvosLocker is a relatively new...
Gigabyte Allegedly Hit by AvosLocker Ransomware
The AvosLocker ransomware gang is claiming that it breached tech giant Gigabyte and has leaked a sample of what it claims are files stolen from the Taiwanese company’s network. It’s offering to sell the rest. On Wednesday, the gang posted a “press release” announcing that it had purportedly gutte...
Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc
Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more...
AvosLocker enters the ransomware scene, asks for partners
This blog post was authored by Hasherezade In mid-July we responded to an incident that involved an attack on a Microsoft Exchange server. The threat actor used this entry point to get into a Domain Controller and then leveraged it as a springboard to deploy ransomware. While examining the...