[TheRecord] AvosLocker ransomware gang to auction the data of victims who don’t pay

The operators of the AvosLocker ransomware gang have updated their website to create a system through which they plan to auction off the data of hacked companies that refuse to pay ransom demands.

The AvosLocker gang’s site, updated two weeks ago, introduces a twist on the classic ransomware double-extortion scheme.

What is the double-extortion scheme?

The double-extortion tactic was first utilized by the Maze ransomware gang in late 2019 when the group began stealing files from hacked companies before encrypting their files. If the victim did not want to pay the hacker’s ransom and receive the decryption key, the attackers would threaten to release sensitive files online, on the dark web, via so-called “leak sites.” While the tactic was initially used by the Maze gang, it was broadly adopted by most other gangs, and today, almost all new ransomware operations use a leak site as a way to intimidate and shame victims that refused to give in.

First spotted in July 2021, AvosLocker also utilized this well-established scheme and, through the summer, released data from several victims that refused to pay or engage following their attacks.

But in mid-September, the group launched a redesigned version of their site that, besides adding a dark mode, also added the new auction feature.

#Avoslocker has changed up their theme and gone with the dark look. As I’m sure everyone who monitors these sites would agree, the dark theme is appreciated. #infosec #ransomware #auspol #cybersecurity #security #cyber #threatintel pic.twitter.com/AJWd9TvkB2

— CyberKnow (@Cyberknow20) September 20, 2021

Now, instead of dumping the victim’s data online for free, the AvosLocker gang is auctioning this information in a “clever” attempt to generate some sort of profit from what would normally equate to a failed attack.

The use of an auction feature is a clever move from the AvosLocker gang, since, through the past year, data released for free by ransomware gangs has often been re-sold on Telegram channels and underground cybercrime forums.

However, AvosLocker is not the first gang to add an auction feature to their site, and the update was most likely inspired by the REvil ransomware gang, which was the first to use such a feature back in June 2020.

NEW: The REvil (Sodinokibi) ransomware gang launched today an auction site to sell stolen data instead of releasing it for free https://t.co/d8yTkAZi5t pic.twitter.com/UoLPlzYK79

— Catalin Cimpanu (@campuscodi) June 2, 2020

The good news is that despite the clever feature, the AvosLocker gang is not one of today’s top or most active ransomware groups, with fewer than 10 attacks carried out per week, according to data provided by the ID-Ransomware service.

The post AvosLocker ransomware gang to auction the data of victims who don’t pay appeared first on The Record by Recorded Future.
