In-depth Analysis of AvosLocker Ransomware

This blog post comes from the “In-depth Analysis of AvosLocker Ransomware Report” by the Brandefense CTI Analyst Team. For more details about the analysis, download the report.

Summary

AvosLocker is a ransomware group detected in 2021 that explicitly targets Windows machines. AvosLocker is also known to be under development to target Linux environments.

Operating under the RaaS model, the actors behind AvosLocker conduct surveillance before an attack campaign, select their targets based on their ability to pay the requested ransom, and shape their attacks accordingly. The threat actors behind AvosLocker are also active on several underground forums, where they seek cooperation with Windows Active Directory penetration testers and expert specialists. Additionally, they are looking for people with remote access to compromised systems.

Figure 1: Forum post announcing the call for cooperation

If the ransom demanded after a successful AvosLocker attack is not paid, the data leaked from the target system is published on the AvosLocker announcement page hosted on the Tor network.

Onion Site: avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Figure 2: AvosLocker ransomware announcement site

AvosLocker, like many other ransomware groups, runs an affiliate program and offers its services to candidates who want to work with AvosLocker.

Figure 3: Details about the AvosLocker Partnership program

Countries Targeted by AvosLocker

  • The United States,
  • Argentina,
  • Australia,
  • Austria,
  • Belgium,
  • Brazil,
  • Canada,
  • China,
  • Colombia,
  • Germany,
  • India,
  • Israel,
  • Italy,
  • The Philippines,
  • Saudi Arabia,
  • Spain,
  • Syria,
  • Taiwan,
  • Turkey,
  • United Arab Emirates,
  • United Kingdom.

Sectors Targeted by AvosLocker Ransomware

  • Education,
  • Energy,
  • Financial Services,
  • Food and Beverage,
  • Government,
  • Healthcare,
  • Manufacturing,
  • Media,
  • Telecommunications,
  • Transportation,
  • Technology.
