[TheRecord] AvosLocker ransomware gang to auction the data of victims who don’t pay

The operators of the AvosLocker ransomware gang have updated their website to create a system through which they plan to auction off the data of hacked companies that refuse to pay ransom demands.

The AvosLocker gang’s site, updated two weeks ago, introduces a twist on the classic ransomware double-extortion scheme.

What is the double-extortion scheme?

The double-extortion tactic was first utilized by the Maze ransomware gang in late 2019 when the group began stealing files from hacked companies before encrypting their files. If the victim did not want to pay the hacker’s ransom and receive the decryption key, the attackers would threaten to release sensitive files online, on the dark web, via so-called “leak sites.” While the tactic was initially used by the Maze gang, it was broadly adopted by most other gangs, and today, almost all new ransomware operations use a leak site as a way to intimidate and shame victims that refused to give in.

First spotted in July 2021, AvosLocker also utilized this well-established scheme and, through the summer, released data from several victims that refused to pay or engage following their attacks.

But in mid-September, the group launched a redesigned version of their site that, besides adding a dark mode, also added the new auction feature.

#Avoslocker has changed up their theme and gone with the dark look. As I’m sure everyone who monitors these sites would agree, the dark theme is appreciated. #infosec #ransomware #auspol #cybersecurity #security #cyber #threatintel pic.twitter.com/AJWd9TvkB2

— CyberKnow (@Cyberknow20) September 20, 2021

Now, instead of dumping the victim’s data online for free, the AvosLocker gang is auctioning this information in a “clever” attempt to generate some sort of profit from what would normally equate to a failed attack.

The use of an auction feature is a clever move from the AvosLocker gang, since, through the past year, data released for free by ransomware gangs has often been re-sold on Telegram channels and underground cybercrime forums.

However, AvosLocker is not the first gang to add an auction feature to their site, and the update was most likely inspired by the REvil ransomware gang, which was the first to use such a feature back in June 2020.

NEW: The REvil (Sodinokibi) ransomware gang launched today an auction site to sell stolen data instead of releasing it for free https://t.co/d8yTkAZi5t pic.twitter.com/UoLPlzYK79

— Catalin Cimpanu (@campuscodi) June 2, 2020

The good news is that despite the clever feature, the AvosLocker gang is not one of today’s top or most active ransomware groups, with fewer than 10 attacks carried out per week, according to data provided by the ID-Ransomware service.

The post AvosLocker ransomware gang to auction the data of victims who don’t pay appeared first on The Record by Recorded Future.
