[MART] - Daily Diary #429 - AvosLocker Goes Multi-platform

CTAS-MAT ctas-mat at appgate.com
Thu Jan 13 12:25:00 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

13/01/2021 - Diary entry #429

In our Daily Diaries #418 and #422 we covered AvosLocker, a Windows ransomware that operates under the Ransomware-as-a-Service business model. This month a new version of AvosLocker was disclosed, extending its support to more operating systems.

The new version of AvosLocker adds support for Linux through a new ELF binary in its toolkit, dubbed AvosLinux. This payload was created specifically to target vulnerable VMware ESXi servers during the lateral movement phase (after the initial breach).

We covered this trend of targeting virtual machine hypervisors in several of last year's Daily Diaries, more recently in our Daily Diary #373, where we covered BlackMatter ransomware. With the capability to attack this kind of service, ransomware operations greatly increase their attack surface and the damage they can cause. If the malware reaches the hypervisor machine, it's trivial to compromise all the hosted machines.

We strongly recommend that companies using virtual machine hypervisors adopt a Zero Trust mindset and segment these services into a separate network. As ransomware families evolve, it's becoming more and more common for them to target this kind of service.

Kind Regards,





Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
