"Avos Ransomware Threat Actor Updates Its Attack Arsenal"

A new Cisco Talos Intelligence Group report reveals new tools used in Avos ransomware attacks. Avos is a ransomware group that has been active since July 2021. The group follows the Ransomware-as-a-Service (RaaS) business model, meaning it provides ransomware services such as automatic builds, data storage, negotiation assistance, automatic decryption tests, and more to various affiliates. AvosLocker currently supports Windows, Linux, and ESXi environments and offers automated configurable builds of the AvosLocker malware. Furthermore, the threat actor provides affiliates with a control panel, a negotiation panel with push and sound notifications, decryption tests, and access to a diverse network of penetration testers, initial access brokers, and other contacts. Avos also offers calling services and Distributed Denial-of-Service (DDoS) attacks, which means the group calls victims to pressure them to pay the demanded ransom or launches DDoS attacks during the negotiation to add stress to the situation. According to the FBI, AvosLocker has already targeted critical infrastructure in the US, including financial services, manufacturing, and government facilities. Attacks on post-Soviet Union countries are not allowed by the Avos team. On a Russian forum, a user known as "Avos" was seen attempting to recruit initial access brokers and penetration testers with experience in Active Directory networks. This article continues to discuss updates made to the Avos ransomware threat actor's attack arsenal and how to protect against this ransomware.

TechRepublic reports "Avos Ransomware Threat Actor Updates Its Attack Arsenal"

Submitted by Anonymous on