US Agencies Share AvosLocker Ransomware Technical Details, Defense Tips
The U.S. government has updated its advisory on AvosLocker ransomware attacks, revealing that the threat actors use open-source utilities and legitimate software to compromise enterprise networks. The tools used include custom PowerShell scripts, batch scripts, and open-source network tunneling utilities. Additionally, the advisory provides a YARA rule to detect a piece of malware called NetMonitor.exe, which poses as a legitimate network monitoring tool. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) recommend implementing application control mechanisms, limiting remote desktop services, and following best practices such as updating software and using strong passwords to defend against AvosLocker ransomware attacks. This advisory builds upon a previous one that highlighted the exploitation of vulnerabilities in Microsoft Exchange servers.