AdvisoriesAA23-284AOctober 11, 2023
October 11, 2023
The FBI and CISA have issued a joint advisory updating information on the AvosLocker ransomware variant, which operates as a ransomware-as-a-service (RaaS) and has targeted multiple U.S. critical infrastructure sectors. This advisory provides new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) related to AvosLocker, updating a previous advisory from March 17, 2022. Organizations are urged to implement the provided mitigation recommendations to protect against this and other ransomware threats.
October 11, 2023
AvosLocker, like many other threat actors, relies on a command and control mechanism to communicate with compromised systems. This typically involves a "dropper" – a piece of malicious software that, once the system is initially compromised, is downloaded onto disk and executed. A primary defense strategy for any organization should be to prevent the execution through the use of antivirus of these known malicious executables on endpoints. Contrary to some recommendations, it's crucial not to disable or remove antivirus protections. Instead, use it as your first line of defense against such threats.
Be immediately notified of new advisories and associated security tests
AdvisoryCISAAA24-207AJuly 25, 2024
