#avoslocker — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #avoslocker, aggregated by home.social.
-
Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.
https://www.suspectfile.com/two-data-breaches-in-three-years-the-mckenzie-health-system-case/
#AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec
-
Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.
https://www.suspectfile.com/two-data-breaches-in-three-years-the-mckenzie-health-system-case/
#AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec
-
Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.
https://www.suspectfile.com/two-data-breaches-in-three-years-the-mckenzie-health-system-case/
#AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec
-
Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.
https://www.suspectfile.com/two-data-breaches-in-three-years-the-mckenzie-health-system-case/
#AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec
-
Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.
https://www.suspectfile.com/two-data-breaches-in-three-years-the-mckenzie-health-system-case/
#AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec
-
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
Following an increase in bring-your-own-vulnerable-driver (BYOVD) attacks launched by ransomware groups in 2023, the Kasseika ransomware is among the latest groups to take part in the trend. Kasseika joins Akira, BlackByte, and AvosLocker in using the tactic that allows threat actors to terminate antivirus processes and services for the deployment of ransomware. In this case we investigated, the Kasseika ransomware abused Martini driver to terminate the victim machine’s antivirus-related processes.
Pulse ID: 65b14dad54060636a7291eb0
Pulse Link: https://otx.alienvault.com/pulse/65b14dad54060636a7291eb0
Pulse Author: AlienVault
Created: 2024-01-24 17:49:33Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #RansomWare #AvosLocker #Mac #Akira #AlienVault
-
OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.
-
OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.
-
OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.
-
OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.
-
OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.
-
A distinguishing feature of AvosLocker attacks is their reliance on open-source tools and living-off-the-land (LotL) tactics, leaving minimal traces for attribution.
#CISA #Cybersecurity #FBI #AvosLocker #Ransomware #Cyberthreat #CriticalInfrastructure
-
A distinguishing feature of AvosLocker attacks is their reliance on open-source tools and living-off-the-land (LotL) tactics, leaving minimal traces for attribution.
#CISA #Cybersecurity #FBI #AvosLocker #Ransomware #Cyberthreat #CriticalInfrastructure
-
A distinguishing feature of AvosLocker attacks is their reliance on open-source tools and living-off-the-land (LotL) tactics, leaving minimal traces for attribution.
#CISA #Cybersecurity #FBI #AvosLocker #Ransomware #Cyberthreat #CriticalInfrastructure
-
A distinguishing feature of AvosLocker attacks is their reliance on open-source tools and living-off-the-land (LotL) tactics, leaving minimal traces for attribution.
#CISA #Cybersecurity #FBI #AvosLocker #Ransomware #Cyberthreat #CriticalInfrastructure
-
A distinguishing feature of AvosLocker attacks is their reliance on open-source tools and living-off-the-land (LotL) tactics, leaving minimal traces for attribution.
#CISA #Cybersecurity #FBI #AvosLocker #Ransomware #Cyberthreat #CriticalInfrastructure
-
🔒 Souvenez-vous, c'était le 13 septembre 2022 au matin. Les étudiants des écoles de Toulouse INP - Institut National Polytechnique de Toulouse étaient accueillis par un message les informant de la survenue d'une #cyberattaque. On apprend ce matin, plusieurs mois plus tard, que la #ransomware appelé #AvosLocker était impliqué. C'est à lire après le clic 👇
https://www.lemagit.fr/actualites/252524874/Cyberattaque-dampleur-a-linstitut-national-polytechnique-de-Toulouse -
🔒 Souvenez-vous, c'était le 13 septembre 2022 au matin. Les étudiants des écoles de Toulouse INP - Institut National Polytechnique de Toulouse étaient accueillis par un message les informant de la survenue d'une #cyberattaque. On apprend ce matin, plusieurs mois plus tard, que la #ransomware appelé #AvosLocker était impliqué. C'est à lire après le clic 👇
https://www.lemagit.fr/actualites/252524874/Cyberattaque-dampleur-a-linstitut-national-polytechnique-de-Toulouse -
🔒 Souvenez-vous, c'était le 13 septembre 2022 au matin. Les étudiants des écoles de Toulouse INP - Institut National Polytechnique de Toulouse étaient accueillis par un message les informant de la survenue d'une #cyberattaque. On apprend ce matin, plusieurs mois plus tard, que la #ransomware appelé #AvosLocker était impliqué. C'est à lire après le clic 👇
https://www.lemagit.fr/actualites/252524874/Cyberattaque-dampleur-a-linstitut-national-polytechnique-de-Toulouse -
🔒 Souvenez-vous, c'était le 13 septembre 2022 au matin. Les étudiants des écoles de Toulouse INP - Institut National Polytechnique de Toulouse étaient accueillis par un message les informant de la survenue d'une #cyberattaque. On apprend ce matin, plusieurs mois plus tard, que la #ransomware appelé #AvosLocker était impliqué. C'est à lire après le clic 👇
https://www.lemagit.fr/actualites/252524874/Cyberattaque-dampleur-a-linstitut-national-polytechnique-de-Toulouse -
#AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware
-
#AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware
-
#AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware
-
#AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware
-
#AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware
-
#AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware
-
#AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware
-
#AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware
-
#AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware
-
#AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware
-
My latest blog: Decoding a New JavaScript Malware Campaign!
🔗 https://www.th3protocol.com/2023/New-JS-Malware-Fake-InvoicesEarlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"
In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
#IOCs: https://github.com/colincowie/colincowie.github.io/blob/master/assets/iocs/js_avoslocker/file_iocs.csv🔗 poc for decoding the C2 traffic:
https://gist.github.com/colincowie/2bb637259c38e1c6da3f2464ec92ed0e💬 Authors Note:
Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃#ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal
-
My latest blog: Decoding a New JavaScript Malware Campaign!
🔗 https://www.th3protocol.com/2023/New-JS-Malware-Fake-InvoicesEarlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"
In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
#IOCs: https://github.com/colincowie/colincowie.github.io/blob/master/assets/iocs/js_avoslocker/file_iocs.csv🔗 poc for decoding the C2 traffic:
https://gist.github.com/colincowie/2bb637259c38e1c6da3f2464ec92ed0e💬 Authors Note:
Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃#ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal
-
My latest blog: Decoding a New JavaScript Malware Campaign!
🔗 https://www.th3protocol.com/2023/New-JS-Malware-Fake-InvoicesEarlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"
In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
#IOCs: https://github.com/colincowie/colincowie.github.io/blob/master/assets/iocs/js_avoslocker/file_iocs.csv🔗 poc for decoding the C2 traffic:
https://gist.github.com/colincowie/2bb637259c38e1c6da3f2464ec92ed0e💬 Authors Note:
Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃#ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal
-
My latest blog: Decoding a New JavaScript Malware Campaign!
🔗 https://www.th3protocol.com/2023/New-JS-Malware-Fake-InvoicesEarlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"
In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
#IOCs: https://github.com/colincowie/colincowie.github.io/blob/master/assets/iocs/js_avoslocker/file_iocs.csv🔗 poc for decoding the C2 traffic:
https://gist.github.com/colincowie/2bb637259c38e1c6da3f2464ec92ed0e💬 Authors Note:
Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃#ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal
-
My latest blog: Decoding a New JavaScript Malware Campaign!
🔗 https://www.th3protocol.com/2023/New-JS-Malware-Fake-InvoicesEarlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"
In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
#IOCs: https://github.com/colincowie/colincowie.github.io/blob/master/assets/iocs/js_avoslocker/file_iocs.csv🔗 poc for decoding the C2 traffic:
https://gist.github.com/colincowie/2bb637259c38e1c6da3f2464ec92ed0e💬 Authors Note:
Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃#ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal
-
AvosLocker looks to be taking a more active stance in purchasing access. They've moved from bidding in single auctions to listing a purchase offer for any valid privileged RDP/VPN/Citrix/RDWeb/Pulse Security access. #ThreatIntelligence #ThreatIntel #CTI #Ransomware #AvosLocker #CTITuesday
-
Has anyone else noticed that #AvosLocker hasn't posted to their blog in over 40 days? I wonder if they're rebranding or trying to keep a low profile. They are still posting on certain forums buying up access 👀
-
Les opérateurs AvosLocker revendiquent une attaque informatique à l'encontre de 🇺🇸 Emtec, Inc (
emtecinc.com) #usa #ransomware #avoslocker #investments #cyber #commercial #business #insights #customers #partnership #corporate #financial #payments #security #databreach #utilities #strategic #provider #robotics #relationships #innovative #virtualization #automation #cloud #industries #facilities #devices #careers #travel #aero #solutions #erp #resources #performance #support #management #energies #canada #gas #government #wastewater #electric #oracle #sanitary #analysics #clearcare #salesforce #microsoft #infrastructure #bmc #gold #partners #digital #hyperion #transformation #services #enterprises #water #hcm #distribution #mobile #agenda #internet #leaders #telecom #experts #care #entrepreneurs #tech #consulting #gaming #consumers #automotive #epm #hospitality #medias #advertising #healthcare #education #clients #application #market #software #threats #industry #optimization #offices #planning #technologies #informatique -
Ce mois-ci, AvosLocker a revendiqué des attaques informatiques à l'encontre d'universités américaines. Certaines avaient déjà été attaquées par d'autres groupes tels que Snatch,.. #usa #avoslocker #threats #ransomware #education #databreach #informatique
- 🇺🇸 Paul Smith's College (
paulsmiths.edu) - 🇺🇸 Our Lady of the Lake University (
ollusa.edu) - 🇺🇸 Stratford University (
stratford.edu) - 🇺🇸 Savannah College of Art and Design (
scad.edu) - 🇺🇸 Northwest University (
northwestu.edu)
- 🇺🇸 Paul Smith's College (
-
🇺🇸 Les opérateurs Avos Locker revendiquent une attaque informatique à l'encontre de Los Alamos Public Schools (
laschools.net) #usa #education #ransomware #databreach #transportation #avoslocker #community #administration #students #district #staff #family #academics #services #athletics #school #board #department #management #schools #informatique -
Les opérateurs Avos Locker revendiquent l'attaque informatique à l'encontre de Casa International NV #avoslocker
-
🇪🇸 Les opérateurs Avos Locker revendiquent l'attaque informatique à l'encontre du spécialiste espagnol Grupo Garnica Plywood S.A. (
garnica.one) #spain #europe #france #mechanical #automation #cyber #diagnostic #heat #ventilation #market #logistics #facilities #waste #industrial #development #hydraulic #electrical #financial #motors #avoslocker #services #commercial #products #wood #buildings #plants #ransomware #industries #maintenance #solutions #manufacturers #threats #panels #architecture #furnitues #materials #experts #compliant #design #construction #sustainable #community #innovative #future #renewable #equipment #espagne #informatique -
Les opérateurs AvosLocker revendiquent l'attaque informatique de Montmorency Collège (
cmontmorency.qc.ca). La fuite porte sur 8 téraoctets de données. #canada #avoslocker #education #ransomware #market #platform #smart #schools #networks #city #equipment #directory #privacy #threats #outage #students #cyber #canteens #digital #staff #school #transformation #management #systems #databreach #office #planning #community #departement #solutions #informatique -
🇮🇪 Les opérateurs AvosLocker revendiquent une attaque informatique à l'encontre de CR2 (
cr2.com)#ireland #digital #banking #avoslocker #ransomware #market #platform #cyber #mobile #transformation #smartphone #payments #threats #services #technologies #customers #innovative #smart #databreach #internet #retails #software #financial #investment #management #systems #innovative #atm #corporate #solutions #informatique
-
Durch Lücken im Anti-Rootkit-Treiber von Avast und AVG hätten Angreifer ihre Rechte ausweiten können. Ransomware nutzt den Treiber zum Beenden von Virenschutz.
Sicherheitslücke in Anti-Rootkit-Treiber von Avast und AVG -
Durch Lücken im Anti-Rootkit-Treiber von Avast und AVG hätten Angreifer ihre Rechte ausweiten können. Ransomware nutzt den Treiber zum Beenden von Virenschutz.
Sicherheitslücke in Anti-Rootkit-Treiber von Avast und AVG -
AvosLocker ransomware – what you need to know https://www.tripwire.com/state-of-security/security-data-protection/avoslocker-ransomware-what-you-need-to-know/ #Ransomware #AvosLocker #ransomware #Guestblog #Malware
-
📬 AvosLocker: Nach irrtümlichem Polizeiangriff sorgt Ransomware-Bande für Gratis-Entschlüsselung #Hacking #Malware #AnyDesk #AvosLocker #pancak3 #Polzeiangriff #Ransomware #REvil #SophosLabs https://tarnkappe.info/avoslocker-nach-irrtuemlichen-polzeiangriff-sorgt-ransomware-bande-fuer-gratis-entschluesselung/
-
📬 AvosLocker: Nach irrtümlichem Polizeiangriff sorgt Ransomware-Bande für Gratis-Entschlüsselung #Hacking #Malware #AnyDesk #AvosLocker #pancak3 #Polzeiangriff #Ransomware #REvil #SophosLabs https://tarnkappe.info/avoslocker-nach-irrtuemlichen-polzeiangriff-sorgt-ransomware-bande-fuer-gratis-entschluesselung/