25% off all training courses Offer ends May 8, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 8, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

CISA and FBI Update AvosLocker Ransomware Cybersecurity Advisory

Posted By on Oct 13, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an update on AvosLocker ransomware, which includes known indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with the AvosLocker ransomware variant.

AvosLocker is a relatively new ransomware-as-a-service operation that was first identified in July 2021. While the group is not as prominent as LockBit Clop, and ALPHV (BlackCat), AvosLocker ransomware affiliates have compromised organizations across multiple critical infrastructure sectors. The group engages in exfiltration-based extortion, requiring the payment of a ransom to prevent the release of stolen data and for the keys to decrypt files.

AvosLocker affiliates use legitimate software and open source tools during their ransomware operations. The group has been observed using Splashtop Streamer, Tactical RMM, PuTTy, AnyDesk, PDQ Deploy, and Atera Agent as backdoor access vectors, the open source networking tunneling tools Ligolo and Chisel, Cobalt Strike for command and control, PowerShell and batch (.bat) scripts for lateral movement, Lazagne and Mimikatz for credential harvesting, and FileZilla and Rclone for data exfiltration. The FBI has also observed affiliates using custom webshells to enable network access.

The cybersecurity advisory updates the joint advisory issued the FBI, CISA, and the Treasury’s Financial Crimes Enforcement Network (FinCEN) in March 2023 and includes a YARA rule that was created by the FBI for detecting a signature for a file identified as enabling malware – NetMonitor.exe. NetMonitor.exe masquerades as a legitimate process but functions like a reverse proxy to allow affiliates to connect to the tool from outside the victim’s network. Indicators of Compromise (IoCs) have also been shared that were obtained from investigations of attacks from January 2023 to March 2023, along with recommended mitigations to reduce the risk of compromise by AvosLocker ransomware.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist