AvosLocker ransomware operators auction victims' data

Journalists from The Record noticed that AvosLocker malware operators have created a special system on their website through which they auction their victims' data if the victims refuse to pay the ransom.

The AvosLocker group uses the now-classic double-extortion tactic. That is, the criminals not only encrypt their victims' data, but also publish files stolen from companies that refuse to pay the ransom.

The double-extortion tactic was first utilized by the Maze ransomware gang in late 2019 when the group began stealing files from hacked companies before encrypting their files. If the victim did not want to pay the hacker’s ransom and receive the decryption key, the attackers would threaten to release sensitive files online, on the dark web, via so-called “leak sites.” While the tactic was initially used by the Maze gang, it was broadly adopted by most other gangs, and today, almost all new ransomware operations use a leak site as a way to intimidate and shame victims that refused to give in. The Record reports.

This approach was first used by operators of the Maze ransomware at the end of 2019, when the group began to steal files from compromised companies before encrypting them. Now practically all extortion groups operate in this way.

AvosLocker was no exception: the group, first discovered in July 2021, also used this scheme, and in the summer of 2021 posted on their website the details of several victims who refused to pay or negotiate after the attack.

But in mid-September, the hackers launched a redesigned version of their site, which now has a new auction feature.

Now the hackers do not “leak” information stolen from victims for free, but sell this data at auction, trying to profit even from unsuccessful attacks. Journalists note that this is a smart move, since data that ransomware groups publish for free is then regularly resold in Telegram channels and on underground forums.

It should also be said that AvosLocker is not the first hacking group to add auction functionality to their site. Most likely, the hackers were inspired by the experience of the REvil ransomware operators, who first used this tactic in June 2020.

The Record notes that the good news in this case is that AvosLocker is not among the most active and effective ransomware operations. According to ID-Ransomware, AvosLocker carries out only about 10 attacks per week.

Let me remind you that we also reported that hackers stole the source code of Puma’s applications.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
