SpearTip | July 27th, 2021

Officials reported Monday that Geneva, a small city in Ohio, was the victim of a data breach involving the new AvosLocker ransomware.

Details of New AvosLocker Ransomware

The information was revealed after files stolen from the city’s servers were discovered on a leak website run by the AvosLocker ransomware group, which began posting data taken from its targets in early June. The FBI and Cybersecurity and Infrastructure Security Agency were notified by the city, which has a population of 6,200 people. Geneva is at least the 45th U.S. local government to be attacked by ransomware in 2021.

AvosLocker, like most extortion malware, uses a network of affiliates to provide ransomware-as-a-service. The Geneva attack was attributed to “one of our partners,” according to the leak website. The AvosLocker ransomware, according to Recorded Future analyst Allan Liska, is “really new and has mostly hit relatively small targets so far.” It has infected a few law firms and logistics corporations in Europe and the United States, in addition to Geneva.

The AvosLocker site displayed a sample of the stolen data, including file directories, court records, and a tax return containing Social Security numbers, and threatened to publish everything if the city refused to negotiate. In May, another ransomware group exposed dozens of Washington, D.C. police officers' personnel files when its demands were not met.

AvosLocker is run manually by threat actors who have already gained remote access to the machine; it is not self-propagating. Once launched, it enumerates the drives it can reach before starting the encryption process.

AvosLocker obfuscates its code to evade static detection, but while it runs it prints a log of the actions it performs, which the operator can watch. Before encrypting, it builds a list of processes that could hold files open or otherwise block access and terminates them so the encryption is not interrupted.
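The kill-then-encrypt sequence described above is a detectable pattern in endpoint telemetry: a burst of terminations of lock-holding processes on one host, followed shortly by many file renames that append a new extension. The following heuristic is an added example written for this article, not code from SpearTip or from any AvosLocker analysis; the event field names, the process watchlist, the `.locked` suffix and the sample events are all constructed assumptions and not indicators taken from real samples.

```python
"""Heuristic detector for a ransomware pre-encryption sequence: several
lock-holding processes killed on one host, then a burst of file renames
that add an extension, all inside a short window.

Field names, the LOCK_HOLDERS watchlist and the sample telemetry below
are constructed assumptions for this example, not AvosLocker indicators.
"""
import json
from datetime import datetime, timedelta

# Processes that commonly hold files open (databases, mail, office, backup).
# Illustrative assumption; tune to the software actually deployed.
LOCK_HOLDERS = {
    "sqlservr.exe", "mysqld.exe", "outlook.exe", "winword.exe",
    "excel.exe", "veeam.backup.service.exe",
}


def parse_jsonl(text):
    """Parse JSON-lines telemetry (assumed schema) into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def appends_extension(old_path, new_path):
    """True when the rename keeps the original name and appends a suffix
    (doc.docx -> doc.docx.locked), the classic encryption rename shape."""
    return new_path != old_path and new_path.startswith(old_path + ".")


def detect(events, window=timedelta(seconds=120), min_kills=2, min_renames=10):
    """Return one finding per host whose events match the kill-then-rename pattern."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host.setdefault(ev["host"], []).append(ev)

    findings = []
    for host, evs in by_host.items():
        kills = [e for e in evs if e["event"] == "process_terminate"
                 and e.get("image", "").lower() in LOCK_HOLDERS]
        renames = [e for e in evs if e["event"] == "file_rename"
                   and appends_extension(e["path"], e["new_path"])]
        for k in kills:
            end = k["ts"] + window
            # Enough lock-holder kills in the window starting at this kill?
            burst = [x for x in kills if k["ts"] <= x["ts"] <= end]
            if len(burst) < min_kills:
                continue
            # ...followed by a rename burst inside the same window.
            hits = [r for r in renames if k["ts"] <= r["ts"] <= end]
            if len(hits) >= min_renames:
                findings.append({
                    "host": host,
                    "first_kill": k["ts"],
                    "killed": sorted({x["image"] for x in burst}),
                    "renames": len(hits),
                })
                break  # one finding per host is enough to page someone
    return findings


def sample_events():
    """Constructed telemetry: FS01 shows the attack pattern, WS07 is a user
    closing Word and doing an ordinary save-as rename (must not alert)."""
    base = datetime(2021, 7, 20, 2, 14, 0)
    evs = []
    for i, img in enumerate(["sqlservr.exe", "veeam.backup.service.exe", "outlook.exe"]):
        evs.append({"ts": base + timedelta(seconds=i), "host": "FS01",
                    "event": "process_terminate", "image": img})
    for i in range(12):
        p = f"D:\\Shares\\doc{i}.docx"
        evs.append({"ts": base + timedelta(seconds=10 + i), "host": "FS01",
                    "event": "file_rename", "path": p, "new_path": p + ".locked"})
    evs.append({"ts": base + timedelta(minutes=6), "host": "WS07",
                "event": "process_terminate", "image": "winword.exe"})
    evs.append({"ts": base + timedelta(minutes=6, seconds=30), "host": "WS07",
                "event": "file_rename", "path": "C:\\Users\\j\\x.docx",
                "new_path": "C:\\Users\\j\\x_v2.docx"})
    return evs


if __name__ == "__main__":
    for finding in detect(sample_events()):
        print(finding)
```

The thresholds are deliberately conservative: a single process exit or a handful of renames is normal user activity, and the rename check only counts the append-a-suffix shape rather than any rename. On real telemetry, feed `parse_jsonl` the exported event stream and run `detect` per host; the point of the window is that the kills precede the renames, which is the ordering the malware's own behaviour imposes.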

As new families of ransomware enter the threat landscape, keeping up with them is crucial to your organization's protection. The average IT team is not always equipped to deal with these threats, which is why it is important to bring in a security team like SpearTip to monitor your networks continuously.

We offer pre-breach advisory services to help your organization understand where its weak points are. In addition, our Security Operations Center as a Service operates 24/7 and lets your organization reach our engineers at any moment while they monitor your network. We run a 24/7 shop because threat actors don't sleep; in fact, they prefer to hit a business at times when staff are not normally present, such as holidays and weekends.

Our 24/7 Incident Response team works in conjunction with our ShadowSpear platform to detect threats early and stop them in their tracks.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.
