AvosLocker is ransomware identified in mid-July of this year. It is written in C++ and sold as an information encryption tool that cybercriminals must deploy manually rather than through automation. Its infection vector is the exploitation of vulnerabilities in services and computers exposed on the Internet; after gaining initial access, the attackers load and execute AvosLocker by hand.

As in many other cases, AvosLocker is offered as ransomware as a service (RaaS) to an affiliate network. AvosLocker appears to be new and, so far, has mostly breached small targets such as Breydons Solicitors, Arabian Cargo Group, Heller Injury Lawyers and On Logistics Services Algeciras, among others. However, alerts issued by research companies indicate that AvosLocker could attack larger organizations in the coming weeks, so security measures must be taken.

AvosLocker encrypts personal files using the AES-256 and RSA-2048 algorithms and adds the extension “.avos” to the encrypted files. The ransom note, “GET_YOUR_FILES_BACK.txt”, states that the victims’ data has been encrypted with the AES-256 cryptographic algorithm. The note warns that if the encryption process is still in progress, turning off the system can damage the files. But, as we have always said, paying is never safe: it only helps these criminals, and there is no guarantee that they will return your data.

To stop AvosLocker from encrypting further documents, it must be removed from the operating system. However, removal will not restore the files already affected. The only solution is to recover the data from a backup, which is why backups are so important.
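
The two indicators described above (the “.avos” extension and the “GET_YOUR_FILES_BACK.txt” note) are enough to scope the damage on a share and build the list of files to restore from backup. The script below is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators named in the article: appended extension and ransom note file name.
ENCRYPTED_EXT = ".avos"
RANSOM_NOTE = "get_your_files_back.txt"  # compared case-insensitively


def triage(root):
    """Map each directory showing an indicator to its encrypted files,
    its count of still-intact files and whether the ransom note is present."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        notes = [f for f in files if f.lower() == RANSOM_NOTE]
        if encrypted or notes:
            report[os.path.relpath(dirpath, root)] = {
                "encrypted": encrypted,
                "intact": len(files) - len(encrypted) - len(notes),
                "note": bool(notes),
            }
    return report


def restore_list(report):
    """Original relative paths (extension stripped) to pull from backup."""
    return sorted(
        os.path.normpath(os.path.join(d, name[: -len(ENCRYPTED_EXT)]))
        for d, info in report.items()
        for name in info["encrypted"]
    )


def build_sample_tree():
    """Constructed sample: one directory partly encrypted, one untouched."""
    root = tempfile.mkdtemp(prefix="avos_triage_")
    layout = {
        "finance": ["q1.xlsx.avos", "q2.xlsx.avos", "q3.xlsx", "GET_YOUR_FILES_BACK.txt"],
        "public": ["readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    for directory, info in result.items():
        print(directory, len(info["encrypted"]), "encrypted,", info["intact"], "intact, note:", info["note"])
    print("restore from backup:", restore_list(result))
```

A directory that reports both encrypted and intact files was only partly processed, which helps prioritise what to restore first.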
