Ransomware “AvosLocker” found to be auctioning off data of victims who don’t pay

Ransomware “AvosLocker” has been found to have built a system that auctions off the data of hacked companies that refuse to pay the ransom.

The AvosLocker group’s site, updated two weeks ago, shows a twist on the double extortion approach that ransomware groups have used in the past.

What is the Double Extortion Technique?

Double extortion tactics were first used in late 2019 when the Maze ransomware stole files from hacked companies before encrypting them.

If the victim is unwilling to pay the hacker’s ransom and receive the decryption key, the attacker threatens to publish the sensitive files online on the dark web via so-called “leak sites”.

This tactic was initially used by Maze, but has since been widely adopted by most other ransomware groups. Nowadays almost all new ransomware attacks use leak sites as a way to intimidate and humiliate victims who refuse to give in.

“AvosLocker,” first identified in July 2021, also used this established technique, publishing data from multiple victims who refused to pay or engage with the attackers. https://twitter.com/Cyberknow20/status/1439798553656713225

The AvosLocker site has changed its theme and now has a darker design.

But in mid-September, AvosLocker not only redesigned its site and added a dark mode, but also added a new auction feature.

By auctioning off the victim’s data rather than putting it online for free, the AvosLocker group is trying to make some kind of profit from attacks that would normally fail.

The use of the auction feature is a new move for AvosLocker, as over the past year, data released for free by ransomware groups has often been resold on Telegram channels and underground cybercrime forums.
