Trend Micro researchers have discovered a new AvosLocker ransomware variant capable of disabling antivirus software and evading detection, The Hacker News reports.
"This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys). In addition, the ransomware is also capable of scanning multiple endpoints for the Log4j vulnerability (Log4shell) using Nmap NSE script," wrote Trend Micro researchers Alvin Nieto and Christopher Ordonez.
Most attacks by AvosLocker between July 2021 and February 2022 targeted the food and beverage industry, followed by organizations in the technology, finance, telecom, and media sectors. The report noted that an exploit for a remote code execution flaw in Zoho ManageEngine ADSelfService Plus was leveraged to initiate the attack.
"The HTA executed an obfuscated PowerShell script that contains a shellcode, capable of connecting back to the [command-and-control] server to execute arbitrary commands," researchers said.
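Two of the behaviours described above are visible in host telemetry: the load of the legitimate Avast anti-rootkit driver file the report names, and the HTA stage handing off to PowerShell. The following detection sketch is an added example, not code from the report or from SC Media; it assumes Sysmon-style event records (Event ID 6 for driver loads, Event ID 1 for process creation), assumes the HTA is hosted by mshta.exe, and runs over constructed sample events rather than real telemetry.

```python
"""Detection sketch for two AvosLocker behaviours described in the report.

Rules, run over Sysmon-style event dicts (constructed sample data below):
  * Event ID 6 (DriverLoad): a load of the Avast anti-rootkit driver file the
    report names (asWarPot.sys), abused by the variant to disable defences.
  * Event ID 1 (ProcessCreate): mshta.exe spawning PowerShell, the
    HTA-to-PowerShell step of the reported intrusion chain (assumes the HTA
    is hosted by mshta.exe, which is how Windows runs .hta files).
"""
import ntpath

# Driver file named in the Trend Micro report; matched case-insensitively
# on the basename so the drop location does not matter.
ABUSED_DRIVER = "aswarpot.sys"
POWERSHELL_HOSTS = ("powershell.exe", "pwsh.exe")


def _basename(path: str) -> str:
    """Lower-cased final path component of a Windows path."""
    return ntpath.basename(path).lower()


def detect(events):
    """Return (rule_name, event) tuples for every event matching a rule."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 6 and _basename(ev.get("ImageLoaded", "")) == ABUSED_DRIVER:
            hits.append(("avast_antirootkit_driver_load", ev))
        elif (eid == 1
              and _basename(ev.get("ParentImage", "")) == "mshta.exe"
              and _basename(ev.get("Image", "")) in POWERSHELL_HOSTS):
            hits.append(("mshta_spawns_powershell", ev))
    return hits


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc <redacted>"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\Temp\asWarPot.sys"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\ndis.sys"},
]

if __name__ == "__main__":
    for rule, ev in detect(SAMPLE_EVENTS):
        print(rule, ev.get("Image") or ev.get("ImageLoaded"))
```

A signed-but-abusable driver loads cleanly, so the load itself, not a signature failure, is the signal to alert on; pair the driver rule with an allow-list of where your fleet legitimately installs Avast components.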
Antivirus protections evaded by novel AvosLocker ransomware variant