A data breach affecting the City of Geneva's website and online data systems occurred early one morning in July. Two days later, the City's data was posted on a dedicated leak site by a second ransomware organization. This ransomware organization, dubbed AvosLocker, is currently searching for more collaborators.
What transpired?
The ransomware was originally discovered in late June. Its operators are now looking for affiliates on a number of underground message boards. According to their job posting, they are looking for hackers with remote access to hacked infrastructure.
AvosLocker Ransomware
- Despite its lack of sophistication, the malware has already claimed a number of victims.
- The attacker installs AvosLocker manually on hacked devices. Furthermore, the malware has no protective or encryption layer.
- Data exfiltration may be done manually because the ransomware’s delivery model necessitates manual access.
- The malware uses string obfuscation and two encryption algorithms: symmetric AES and asymmetric AES.
The Hunt for Affiliates is on
AvosLocker isn't the only group looking for affiliates.
- LockBit has been upgraded to LockBit 2.0, and the LockBit group has announced a new affiliate recruitment session.
- While LockBit was touting its RaaS operation on its website, researchers discovered Himalaya was doing the same.
Meanwhile, other threat actors are trying to fill the void left by the infamous REvil gang's disappearance. Several businesses are affected on a daily basis by these types of attacks, which have become far too widespread in recent years. Our internal experts advise end users and businesses alike to stay safe by boosting their cybersecurity defenses.
To read more, please check eScan Blog