New ransomware weighing just a few KB can encrypt an entire network in less than 5 seconds

Cybersecurity experts predict that AvosLocker ransomware infections will increase considerably over the holidays. Although this is a newly emerging ransomware variant, it has already been detected in multiple incidents, wreaking severe havoc on the affected systems.

Identified by Sophos researchers, this ransomware appears to use the AnyDesk remote administration tool and the Windows Safe Mode feature to evade major security restrictions on laptops and desktops. In its report, the company mentions that AvosLocker operators install AnyDesk on affected systems to infiltrate them and subsequently execute the malicious payload without attracting attention.

This malware also reuses some techniques previously employed by other hacking groups, mainly by the operators of the REvil ransomware. Security experts believe that the creators of AvosLocker are looking to partner with other cybercriminal groups, primarily vendors of compromised information. So far, no massive security breaches related to AvosLocker have been detected.

Sophos experts also mention that the threat actors behind AvosLocker constantly send commands to deploy the ransomware; the victim’s laptop or PC then restarts in Safe Mode, a process that takes only a few seconds. That is why affected users have no idea when their systems are compromised.
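
Defenders can hunt for the combination described above: AnyDesk appearing on a host that is then configured to restart in Safe Mode. The Python below is an added example, not code from Sophos or from the original article; the log format, host names and 30-minute window are constructed assumptions, and matching on `bcdedit ... safeboot` reflects the standard Windows way to set a Safe Mode boot, not a detail taken from this page.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records (not from the article): time|host|command line
SAMPLE_LOG = r"""
2021-12-20T09:00:05|WS-01|C:\Temp\AnyDesk.exe --install C:\ProgramData\AnyDesk --silent
2021-12-20T09:03:40|WS-01|bcdedit.exe /set {default} safeboot network
2021-12-20T09:10:00|WS-02|C:\Program Files (x86)\AnyDesk\AnyDesk.exe
2021-12-20T11:00:00|WS-03|bcdedit.exe /enum
2021-12-19T08:00:00|WS-04|C:\Temp\AnyDesk.exe --install C:\ProgramData\AnyDesk
2021-12-20T08:00:00|WS-04|bcdedit /set {current} safeboot minimal
"""

REMOTE_TOOL = re.compile(r"anydesk", re.I)
# Any bcdedit invocation that touches the safeboot setting
SAFEBOOT = re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)

def parse(log):
    """Yield (timestamp, host, command line) from pipe-delimited records."""
    for line in log.strip().splitlines():
        ts, host, cmd = line.split("|", 2)
        yield datetime.fromisoformat(ts), host, cmd

def suspicious_hosts(log, window=timedelta(minutes=30)):
    """Hosts where AnyDesk activity and a Safe Mode boot change fall within `window`."""
    tool_seen, safeboot_seen = {}, {}
    for ts, host, cmd in parse(log):
        if SAFEBOOT.search(cmd):
            safeboot_seen.setdefault(host, []).append(ts)
        elif REMOTE_TOOL.search(cmd):
            tool_seen.setdefault(host, []).append(ts)
    hits = []
    for host, boots in safeboot_seen.items():
        tools = tool_seen.get(host, [])
        # Either order counts: the tool may be installed before or after the boot change
        if any(abs(b - t) <= window for b in boots for t in tools):
            hits.append(host)
    return sorted(hits)

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_LOG))
```

Either event alone is common in normal administration, which is why the check alerts only on the pair occurring close together on the same host.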

Finally, the UK cybersecurity agency notes that it is investigating a massive security breach potentially related to this ransomware variant. This hypothesis has not been confirmed, and more details may emerge later.

