home.social

#avoslocker — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #avoslocker, aggregated by home.social.

  1. Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.

    suspectfile.com/two-data-breac

    #AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec

  2. Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.

    suspectfile.com/two-data-breac

    #AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec

  3. Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.

    suspectfile.com/two-data-breac

    #AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec

  4. Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.

    suspectfile.com/two-data-breac

    #AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec

  5. Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.

    suspectfile.com/two-data-breac

    #AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec

  6. Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver

    Following an increase in bring-your-own-vulnerable-driver (BYOVD) attacks launched by ransomware groups in 2023, the Kasseika ransomware is among the latest groups to take part in the trend. Kasseika joins Akira, BlackByte, and AvosLocker in using the tactic that allows threat actors to terminate antivirus processes and services for the deployment of ransomware. In this case we investigated, the Kasseika ransomware abused Martini driver to terminate the victim machine’s antivirus-related processes.

    Pulse ID: 65b14dad54060636a7291eb0
    Pulse Link: otx.alienvault.com/pulse/65b14
    Pulse Author: AlienVault
    Created: 2024-01-24 17:49:33

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #RansomWare #AvosLocker #Mac #Akira #AlienVault

  7. OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.

    @allan @brett @BleepingComputer

    #ransomware #infosec

  8. OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.

    @allan @brett @BleepingComputer

    #ransomware #infosec

  9. OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.

    @allan @brett @BleepingComputer

    #ransomware #infosec

  10. OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.

    @allan @brett @BleepingComputer

    #ransomware #infosec

  11. OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.

    @allan @brett @BleepingComputer

    #ransomware #infosec

  12. 🔒 Souvenez-vous, c'était le 13 septembre 2022 au matin. Les étudiants des écoles de Toulouse INP - Institut National Polytechnique de Toulouse étaient accueillis par un message les informant de la survenue d'une #cyberattaque. On apprend ce matin, plusieurs mois plus tard, que la #ransomware appelé #AvosLocker était impliqué. C'est à lire après le clic 👇
    lemagit.fr/actualites/25252487

  13. 🔒 Souvenez-vous, c'était le 13 septembre 2022 au matin. Les étudiants des écoles de Toulouse INP - Institut National Polytechnique de Toulouse étaient accueillis par un message les informant de la survenue d'une #cyberattaque. On apprend ce matin, plusieurs mois plus tard, que la #ransomware appelé #AvosLocker était impliqué. C'est à lire après le clic 👇
    lemagit.fr/actualites/25252487

  14. 🔒 Souvenez-vous, c'était le 13 septembre 2022 au matin. Les étudiants des écoles de Toulouse INP - Institut National Polytechnique de Toulouse étaient accueillis par un message les informant de la survenue d'une #cyberattaque. On apprend ce matin, plusieurs mois plus tard, que la #ransomware appelé #AvosLocker était impliqué. C'est à lire après le clic 👇
    lemagit.fr/actualites/25252487

  15. 🔒 Souvenez-vous, c'était le 13 septembre 2022 au matin. Les étudiants des écoles de Toulouse INP - Institut National Polytechnique de Toulouse étaient accueillis par un message les informant de la survenue d'une #cyberattaque. On apprend ce matin, plusieurs mois plus tard, que la #ransomware appelé #AvosLocker était impliqué. C'est à lire après le clic 👇
    lemagit.fr/actualites/25252487

  16. #AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware

    @PogoWasRight

  17. #AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware

    @PogoWasRight

  18. #AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware

    @PogoWasRight

  19. #AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware

    @PogoWasRight

  20. #AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware

    @PogoWasRight

  21. #AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware

  22. #AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware

  23. #AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware

  24. #AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware

  25. #AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware

  26. My latest blog: Decoding a New JavaScript Malware Campaign!
    🔗​ th3protocol.com/2023/New-JS-Ma

    Earlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"

    In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
    #IOCs: github.com/colincowie/colincow

    🔗​ poc for decoding the C2 traffic:
    gist.github.com/colincowie/2bb

    💬​ Authors Note:
    Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃

    #ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal​​

  27. My latest blog: Decoding a New JavaScript Malware Campaign!
    🔗​ th3protocol.com/2023/New-JS-Ma

    Earlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"

    In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
    #IOCs: github.com/colincowie/colincow

    🔗​ poc for decoding the C2 traffic:
    gist.github.com/colincowie/2bb

    💬​ Authors Note:
    Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃

    #ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal​​

  28. My latest blog: Decoding a New JavaScript Malware Campaign!
    🔗​ th3protocol.com/2023/New-JS-Ma

    Earlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"

    In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
    #IOCs: github.com/colincowie/colincow

    🔗​ poc for decoding the C2 traffic:
    gist.github.com/colincowie/2bb

    💬​ Authors Note:
    Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃

    #ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal​​

  29. My latest blog: Decoding a New JavaScript Malware Campaign!
    🔗​ th3protocol.com/2023/New-JS-Ma

    Earlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"

    In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
    #IOCs: github.com/colincowie/colincow

    🔗​ poc for decoding the C2 traffic:
    gist.github.com/colincowie/2bb

    💬​ Authors Note:
    Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃

    #ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal​​

  30. My latest blog: Decoding a New JavaScript Malware Campaign!
    🔗​ th3protocol.com/2023/New-JS-Ma

    Earlier today researchers from HuntressLabs shared observations about a #AvosLocker case involving RClone. They identified initial access as a javascript file named “Invoice-DocuSign-Mar03-2023.js"

    In my blog post I walk through analyzing this JavaScript malware, identifying persistency and decoding C2 traffic!
    #IOCs: github.com/colincowie/colincow

    🔗​ poc for decoding the C2 traffic:
    gist.github.com/colincowie/2bb

    💬​ Authors Note:
    Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃

    #ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal​​

  31. AvosLocker looks to be taking a more active stance in purchasing access. They've moved from bidding in single auctions to listing a purchase offer for any valid privileged RDP/VPN/Citrix/RDWeb/Pulse Security access. #ThreatIntelligence #ThreatIntel #CTI #Ransomware #AvosLocker #CTITuesday

  32. Has anyone else noticed that #AvosLocker hasn't posted to their blog in over 40 days? I wonder if they're rebranding or trying to keep a low profile. They are still posting on certain forums buying up access 👀

  33. Ce mois-ci, AvosLocker a revendiqué des attaques informatiques à l'encontre d'universités américaines. Certaines avaient déjà été attaquées par d'autres groupes tels que Snatch,.. #usa #avoslocker #threats #ransomware #education #databreach #informatique

    • 🇺🇸 Paul Smith's College (paulsmiths.edu)
    • 🇺🇸 Our Lady of the Lake University (ollusa.edu)
    • 🇺🇸 Stratford University (stratford.edu)
    • 🇺🇸 Savannah College of Art and Design (scad.edu)
    • 🇺🇸 Northwest University (northwestu.edu)
  34. Les opérateurs Avos Locker revendiquent l'attaque informatique à l'encontre de Casa International NV #avoslocker

  35. Durch Lücken im Anti-Rootkit-Treiber von Avast und AVG hätten Angreifer ihre Rechte ausweiten können. Ransomware nutzt den Treiber zum Beenden von Virenschutz.
    Sicherheitslücke in Anti-Rootkit-Treiber von Avast und AVG
  36. Durch Lücken im Anti-Rootkit-Treiber von Avast und AVG hätten Angreifer ihre Rechte ausweiten können. Ransomware nutzt den Treiber zum Beenden von Virenschutz.
    Sicherheitslücke in Anti-Rootkit-Treiber von Avast und AVG