The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have jointly issued an update on indicators of compromise and detection methods for the AvosLocker ransomware.
Issued on Wednesday, the joint Cybersecurity Advisory includes a YARA rule to help analyze software that is potentially compromised by AvosLocker, CISA said.
The initial cybersecurity advisory on AvosLocker was published in March 2022 as part of CISA’s Stop Ransomware campaign. In the updated version, the FBI and CISA added indicators of compromise obtained between January and May of this year.
They also urged software developers to embrace secure-by-design and secure-by-default principles to help critical infrastructure organizations and network defenders prepare proactively to combat ransomware attacks.
To secure remote access tools, allowlisting programs may be used to block unauthorized users or software. The advisory also recommended that organizations consider updating or restricting the use of PowerShell, a task automation and configuration program developed by Microsoft.