Technology Tips

January 05, 2022

New Ransomware Named AvosLocker Uses Multiple Tricks In Attacks

Written By Securafy Team

There's a new strain of ransomware to be concerned about in the form of AvosLocker.

This is from security firm Sophos who warns that the new strain of human-operated ransomware is one to watch.

AvosLocker burst onto the scene over the summer of this year (2021). Having enjoyed some success with their product the gang behind the code is now on the hunt for partners in a bid to fill the gap left by REvil's departure.

One of the key features of the malware's design is the fact that it leverages the AnyDesk remote IT admin tool while running it in Windows Safe mode. We've seen malware that leverages Windows Safe Mode. Safe Mode loads with a minimal set of drivers and it is less well-protected but it isn't exactly a common tactic.

AnyDesk is of course a perfectly legitimate tool used by thousands of professionals all over the world every day.  Here however it is being put to nefarious use and by combining it with running in Safe Mode and it allows the hackers to deal serious damage to their targets.

Peter Mackenzie is the Director of Incident Response at Sophos. Mackenzie says the group behind this new strain relies on simple but very clever tactics and methodologies to get the job done. So far, they've been amazingly successful.

The company had this to say about the new strain:

"Ransomware, especially when it has been hand-delivered (as has been the case in these Avos Locker instances), is a tricky problem to solve because one needs to deal not only with the ransomware itself, but with any mechanisms the threat actors have set up as a back door into the targeted network. No alert should be treated as "low priority" in these circumstances, no matter how benign it might seem."

Wise words indeed.  Stay alert out there.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.