US authorities release new IOCs of AvosLocker ransomware

The FBI and the U.S. Treasury Department have just released new Indicators of Compromise (IOCs) for the AvosLocker ransomware. These indicators help to detect an infection with this ransomware. The information can be used in your own security information and event management (SIEM) systems, if necessary.


AvosLocker is ransomware that has been known since July 4, 2021. It can penetrate Windows and Linux systems with the tool of the same name, and can both encrypt and siphon off data. The specific extension .avos2 is then appended to each file, and the group tries to extort a ransom.

The AvosLocker gang works on the Ransomware-as-a-Service (RaaS) principle and offers its service to cybercriminals. The group targets victims in various critical infrastructure sectors in the United States, but is said to exclude the financial services, critical manufacturing and government sectors. AvosLocker also handles ransomware negotiations and the release of captured victim data.

Qualys has published a technical analysis of the malware, and the colleagues at Bleeping Computer published an article in January 2022. The occasion was that the AvosLocker ransomware gang added support for encrypting Linux systems to their malware variants, specifically targeting VMware ESXi virtual machines.

AvosLocker IOCs

In the above tweet, Catalin Cimpanu points to this article (PDF), in which the FBI and the U.S. Treasury Department have published new Indicators of Compromise (IOCs) for the AvosLocker ransomware. This may be of interest to security managers looking to augment their SIEM systems with the necessary IOCs to detect an infection. In addition, the PDF document contains a list of known vulnerabilities (Exchange Server ProxyShell, etc.) used for attacks.
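As an added example (not taken from the FBI document or from this article), the following sketch shows how the one indicator named above, the .avos2 file extension, could be turned into a detection rule over file-audit events. The event line format, the window and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

AVOS_EXT = ".avos2"               # extension named in the article
WINDOW = timedelta(seconds=60)    # assumed tuning value
THRESHOLD = 3                     # assumed tuning value (kept low for the sample)

# Constructed sample events in an assumed format: "timestamp host action path"
SAMPLE_EVENTS = [
    r"2022-03-21T10:00:01 fs01 RENAME D:\share\q1 report.xlsx.avos2",
    r"2022-03-21T10:00:02 ws07 CREATE C:\Users\a\notes.txt",
    r"2022-03-21T10:00:03 fs01 RENAME D:\share\budget.docx.AVOS2",
    r"2022-03-21T10:00:05 ws07 RENAME C:\Users\a\sample.avos2",
    r"2022-03-21T10:00:09 fs01 RENAME D:\share\plan.pdf.avos2",
    r"2022-03-21T10:05:00 ws09 RENAME C:\tmp\a.avos2",
    r"2022-03-21T10:09:00 ws09 RENAME C:\tmp\b.avos2",
    r"2022-03-21T10:13:00 ws09 RENAME C:\tmp\c.avos2",
]

def parse(line):
    # maxsplit=3 keeps paths that contain spaces in one field
    ts, host, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), host, action, path

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {host: time of first alert} for hosts where at least
    `threshold` files received the .avos2 extension within `window`.
    Events are expected in chronological order."""
    recent = defaultdict(deque)   # host -> timestamps of recent matches
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, action, path = parse(line)
        if action not in ("RENAME", "CREATE"):
            continue
        if not path.lower().endswith(AVOS_EXT):   # case-insensitive match
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:                 # drop matches outside the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: burst of {AVOS_EXT} files at {when.isoformat()}")
```

Requiring a burst within a time window rather than a single match keeps one stray file with that extension (ws07) or slow, isolated events (ws09) from raising an alert.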

