August 5, 2021
SentinelOne Vs. AvosLocker – Mitigation and Rollback
See how SentinelOne mitigates and rolls back AvosLocker. AvosLocker emerged in June 2021 as a new RaaS (Ransomware as a Service) operator. They initially advertised their services on several well-known ‘underground’ crime forums. They also used this avenue to recruit additional team members and Initial Access Brokers.
Early samples analyzed from the wild do little to hide their activity: they require manual interaction and display visible command windows (sometimes several). Some later samples expand this basic functionality and accept command-line arguments that either hide the CMD windows or exclude network resources (mapped drives / accessible shares) from encryption.
Alongside the RaaS offering, AvosLocker launched a TOR-based blog site to publicize and track non-compliant victims and their looted data. Since the launch, they have leaked data on 6 victims, including government entities, logistics, and legal targets.
Encryption combines RSA and AES: AES performs the actual encryption of files, and RSA encrypts the directly-generated AES keys. Whether a file is eligible for encryption is determined solely by its file extension.