New .avos2 variant: AvosLocker affiliate extorts $85k from victim thanks to old vulnerability in FortiGate VPN

Marco A. De Felice reports:

An affiliate of the AvosLocker ransomware group extorts $85,000 in bitcoin from a company thanks to a known vulnerability in FortiGate VPN (CVE-2018-13379), a vulnerability that the American multinational had corrected thanks to an update released in November 2019.
The one that had not updated its systems is a small company that operates in the field of paint sales.

At the end of August it was the servers of a company operating in the field of paint sales that were hit by an AvosLocker affiliate. The ransomware group never made the victim’s name public on their blog.

Even if in a passage of the chat the victim writes “… bitcoin payment by end of day today, UK time”, it is not possible at this moment to state with absolute certainty that the company headquarters affected by the cyber attack may reside within the United Kingdom.

A certain fact, however, is that the victim, at a certain point in the chat, writes:

“Hello Staff, we are working with the broker to do the bitcoin payment by end of day today, UK time”.

The conversation between the AvosLocker “staff” and the victim began last September 3 and ended yesterday with the payment of the ransom.

Read more on SuspectFile.

About the author: Dissent
