Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients.

https://www.suspectfile.com/two-data-breaches-in-three-years-the-mckenzie-health-system-case/

#AvosLocker #Data_Breach #McKenzie_Health_System #McKenzie_Memorial_Hospital #PHI #PII #Ransomware #Infosec

OK, I confess: I do not understand why CISA / #StopRansomware did an update on #AvosLocker based on what they saw up to May. AvosLocker's leak site went silent in May, he hasn't been on his Jabber since May, and I got no response from him on Tox since May. So is AvosLocker still active? Anyone seen evidence of new victims or anything since May? Ransomlook.io doesn't show anything since that time, either.

@allan @brett @BleepingComputer

#ransomware #infosec

A distinguishing feature of AvosLocker attacks is their reliance on open-source tools and living-off-the-land (LotL) tactics, leaving minimal traces for attribution.

#CISA #Cybersecurity #FBI #AvosLocker #Ransomware #Cyberthreat #CriticalInfrastructure

https://cybersec84.wordpress.com/2023/10/13/avoslocker-ransomware-cisafbi-warn-of-rising-attacks-on-critical-infrastructure/

AvosLocker Ransomware: CISA, FBI Warn of Rising Attacks on Critical Infrastructure

The AvosLocker ransomware group has been associated with attacks on critical infrastructure sectors in the United States, some of which were detected as recently as May 2023. This information comes…

CyberSec84 | Cybersecurity news.
FBI and CISA published a new advisory on AvosLocker ransomware

FBI and CISA published a joint Cybersecurity Advisory to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware

Security Affairs

AvosLocker #ransomware group again added Bluefield University (bluefield.edu) to their victim list. They claim they will publish the organization's data in 19 hours, and the alleged data is 1.2TB in size, containing admissions details, Financial Aid applications, Transcripts, etc.

#USA
#Avoslocker #DarkWeb #DataBreach #cyberrisk

🔒 Remember, it was the morning of 13 September 2022. Students at the schools of Toulouse INP - Institut National Polytechnique de Toulouse were greeted by a message informing them that a #cyberattaque had taken place. This morning, several months later, we learn that the #ransomware called #AvosLocker was involved. Read it after the click 👇
https://www.lemagit.fr/actualites/252524874/Cyberattaque-dampleur-a-linstitut-national-polytechnique-de-Toulouse
Ransomware: in September 2022, Toulouse INP was hit with AvosLocker

Toulouse INP is still dealing with the aftermath of a ransomware cyberattack discovered on Monday 12 September at 9 pm, the time at which the encryption was triggered. The ransomware involved was AvosLocker. The cyberattack has not been claimed to date.

LeMagIT.fr

#AvosLocker has listed Pembina County Memorial Hospital while Royal has listed Clarke County Hospital. #PCMH #CCH #ransomware

@PogoWasRight

#AvosLocker has listed #VMedia, which offers internet and streaming services in multiple Canadian provinces. #ransomware

My latest blog: Decoding a New JavaScript Malware Campaign!
🔗​ https://www.th3protocol.com/2023/New-JS-Malware-Fake-Invoices

Earlier today, researchers from HuntressLabs shared observations about an #AvosLocker case involving RClone. They identified initial access as a JavaScript file named "Invoice-DocuSign-Mar03-2023.js".

In my blog post I walk through analyzing this JavaScript malware, identifying persistence and decoding C2 traffic!
#IOCs: https://github.com/colincowie/colincowie.github.io/blob/master/assets/iocs/js_avoslocker/file_iocs.csv

🔗​ poc for decoding the C2 traffic:
https://gist.github.com/colincowie/2bb637259c38e1c6da3f2464ec92ed0e

💬​ Authors Note:
Recently I've been feeling a little bit burnt out - this research excited me and provided some internal encouragement 😃

#ThreatIntel #CTI #Malware #Ransomware #JavaScript #VirusTotal​​

New JavaScript Malware - Fake DocuSign Invoices
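The Huntress case this post refers to (a .js lure run through a Windows script host, RClone used for exfiltration) is a compact illustration of the living-off-the-land pattern the CISA/FBI advisory highlights. Below is an added detection example written for this page; it is not code from the post, from the th3protocol blog, or from Huntress. The flattened event format, its field names, the directory list and every sample log line are constructed assumptions for the example, not a real product schema or real telemetry.

```python
"""Added example (not from the original post): flag two living-off-the-land
behaviours over constructed process-creation events.

  1. wscript.exe / cscript.exe launching a .js file from a user-writable
     directory (how an emailed "invoice" script would typically run).
  2. rclone usage, either by binary name or, when the binary has been renamed,
     by its command-line shape (copy/sync/move verb plus a remote:path target).

Event format and sample lines are assumptions made up for this example:
    host|parent_image|image|command_line
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    image: str


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Directories a downloaded attachment is likely to be opened from (assumed list).
USER_WRITABLE = re.compile(r"\\(Downloads|Desktop|Temp|INetCache)\\", re.I)

# First .js argument on the command line (quoted or not).
JS_ARG = re.compile(r'"?([^"\s]+\.js)(?=["\s]|$)', re.I)

# rclone verbs that move data, and rclone's "name:path" remote syntax.
# A single-letter name followed by a backslash is a Windows drive (D:\...)
# and "name://" is a URL scheme, so both are excluded from the remote match.
RCLONE_VERB = re.compile(r"\b(copy|sync|move|copyto|moveto)\b", re.I)
RCLONE_REMOTE = re.compile(r"(?<![\w\\])([A-Za-z][\w-]+):(?![\\/])")

# Constructed sample events; the .js name is the one reported in the post.
SAMPLE_EVENTS = [
    r'WS01|explorer.exe|C:\Windows\System32\wscript.exe|"C:\Windows\System32\wscript.exe" "C:\Users\bob\Downloads\Invoice-DocuSign-Mar03-2023.js"',
    r"WS01|cmd.exe|C:\Windows\System32\wscript.exe|wscript.exe C:\Program Files\Vendor\maint.js",
    r"SRV02|cmd.exe|C:\Temp\svchost.exe|svchost.exe copy D:\Finance mega:dump --transfers 32",
    r"SRV02|services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs",
    r"WS03|explorer.exe|C:\Tools\rclone.exe|rclone.exe sync C:\Users\alice\Documents s3:bucket --config C:\Users\alice\AppData\rclone.conf",
]


def parse_event(line):
    """Split one flattened event into (host, parent, image, command_line)."""
    host, parent, image, cmdline = line.split("|", 3)
    return host, parent, image, cmdline


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def check_script_host(host, parent, image, cmdline):
    """Rule 1: script host running a .js from a user-writable directory."""
    if basename(image) not in SCRIPT_HOSTS:
        return None
    m = JS_ARG.search(cmdline)
    if not m or not USER_WRITABLE.search(m.group(1)):
        return None
    return Finding(host, "js_from_user_writable_dir", basename(image))


def check_rclone(host, parent, image, cmdline):
    """Rule 2: rclone by name, or an rclone-shaped command line under another name."""
    name = basename(image)
    if name == "rclone.exe":
        return Finding(host, "rclone_binary", name)
    if RCLONE_VERB.search(cmdline) and RCLONE_REMOTE.search(cmdline):
        return Finding(host, "rclone_like_cmdline_under_other_name", name)
    return None


def scan(lines):
    """Run both rules over every event and return the findings in order."""
    findings = []
    for line in lines:
        event = parse_event(line)
        for check in (check_script_host, check_rclone):
            result = check(*event)
            if result:
                findings.append(result)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.host}: {f.rule} ({f.image})")
```

On the constructed input this yields three findings: the DocuSign-named .js launched from Downloads on WS01, a renamed rclone (`svchost.exe` in C:\Temp) pushing a directory to a `mega:` remote on SRV02, and a plain `rclone.exe` sync on WS03. The administrator's `maint.js` under Program Files and the real `svchost.exe -k netsvcs` are left alone. The remote-syntax heuristic is deliberately loose; in production it should be paired with the process's network destinations.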

AvosLocker looks to be taking a more active stance in purchasing access. They've moved from bidding in single auctions to listing a purchase offer for any valid privileged RDP/VPN/Citrix/RDWeb/Pulse Security access. #ThreatIntelligence #ThreatIntel #CTI #Ransomware #AvosLocker #CTITuesday