Indicators of Compromise Associated with AvosLocker Ransomware

The FBI and the Department of the Treasury released a joint Cybersecurity Advisory (CSA) detailing indicators of compromise associated with AvosLocker ransomware. AvosLocker operates as a Ransomware-as-a-Service (RaaS) affiliate-based group and has targeted several critical infrastructure sectors in the U.S. and across the world, including government facilities. According to the advisory, “AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” The advisory lists further technical details associated with this threat actor, including common vulnerabilities exploited by AvosLocker and mitigation techniques to defend against this threat.

To report suspicious or criminal activity related to information found in advisory, contact your local FBI field office, or the FBI’s 24/7 Cyber Watch (CyWatch) at(855) 292-3937, or by e-mail at Cy*****@*bi.gov. If you have any further questions, or to request incident response resources or technical assistance related to these threats, contact CISA at CI*************@******hs.gov. Read the full advisory at the FBI’s Internet Crime Complaint Center.