Critical U.S. infrastructure targeted by AvosLocker ransomware
Sara Nguyen April 10, 2022
Recently, the Federal Bureau of Investigation (FBI) and the Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) released a joint advisory regarding the threat of AvosLocker ransomware to U.S. infrastructure. The advisory also contains indicators of compromise related to AvosLocker and recommended mitigations.
What is AvosLocker?
AvosLocker is a Ransomware-as-a-Service (RaaS) affiliate-based group. It has targeted multiple sectors, including but not limited to the financial services, critical manufacturing, and government facility sectors.
AvosLocker sells ransomware to affiliates who subsequently launch cyberattacks against organizations. AvosLocker's operators directly handle ransom negotiations and publish stolen data if the ransom is not paid. Unfortunately, critical U.S. infrastructure targeted by AvosLocker ransomware is at risk.
How to recognize AvosLocker ransomware
The exact tactics, techniques, and procedures (TTPs) used to execute the ransomware attack vary, since different affiliates use AvosLocker. Affiliates have used many different TTPs to gain access to a network.
However, many victims have traced Microsoft Exchange Server vulnerabilities as the likely intrusion vector. Some of these vulnerabilities have had patches available since May to June 2020, which further underscores the importance of ensuring all software is updated to the latest version. It is important to note that Paubox Email Suite improves the cybersecurity of Microsoft 365.
There are a few indicators of compromise that remain the same no matter how the affiliate exploits a network system. These include:
- Encryption and ransom demand linked to AvosLocker
- Data published on the AvosLocker leak site if a ransom is not paid
- Phone calls from AvosLocker representatives to pay the ransom or negotiate
- Threats and execution of distributed denial-of-service (DDoS) attacks during negotiations
How can organizations protect themselves from AvosLocker?
The joint advisory lists 16 recommendations to mitigate the risk of AvosLocker ransomware. Some of the recommendations are:
- Implement a business continuity plan
- Execute network segmentation with offline backups of data
- Regularly back up data
- Install and regularly update antivirus software
- Update and patch systems, software, and firmware as soon as updates are released
- Review Active Directory for new or unrecognized accounts
- Do not give all users administrative privileges
- Disable unused ports
- Consider adding a warning notification for emails received outside your organization
- Disable hyperlinks in received emails
- Use multi-factor authentication
- Implement a strong password policy
- Require administrator credentials to install software
- Avoid using public Wi-Fi networks
- Regularly train employees on cybersecurity awareness
A proactive multi-layered approach to cybersecurity may be the best way to protect your network and systems from the threat of a cyberattack.
How Paubox can help critical U.S. infrastructure targeted by AvosLocker ransomware
While technical cybersecurity tools are essential, healthcare organizations should also consider the threat of social engineering scams and human error from employees.
Sometimes all it takes for a cybercriminal to launch ransomware successfully is a carefully crafted phishing email, and organizations should prepare themselves for this possibility. After all, research shows that 85% of data breaches involve human error.
Paubox Email Suite Plus is the HIPAA compliant solution to protect your employees from malicious emails like phishing, spam, viruses, and malware. Our HITRUST CSF certified software can flag suspicious emails and quarantine them safely away from your employees' inboxes.
Paubox has other tools to protect your organization. ExecProtect provides security from display name spoofing. DomainAge will spot emails with recently registered domain names and quarantine them.
It also includes Zero Trust Email, which requires an additional layer of authentication before delivering an email. Robust inbound email security is practically a necessity for companies these days. Keeping your security updated helps ensure the protection of your network.