City of Geneva suffered a data breach on its website and online data systems. A new ransomware group listed Geneva on its dedicated leak site. Dubbed AvosLocker, this ransomware gang is now on the lookout for more partners.

The ransomware first came to lime light. Its operators are now searching for affiliates via several underground forums. Their recruitment announcement indicates that they are looking for hackers who have remote access to hacked infrastructure.

The ransomware has already claimed several victims. The attacker deploys AvosLocker manually on compromised machines. In addition to this, it does not come with any protective/Cryptominers layer. As the delivery model of the ransomware requires manual access, data exfiltration is possibly conducted manually.

The malware follows string obfuscation and leverages two encryption algorithms – symmetric: AES and asymmetric: AES. AvosLocker is not alone in its endeavor to find affiliates.The LockBit gang launched an upgraded version of the ransomware LockBit 2.0 and announced a new affiliate recruitment session. Himalaya, a relatively new ransomware, was found promoting its RaaS operation on its website, at the same time as LockBit.

As the notorious REvil gang is still hidden, other threat actors are active in the quest for filling up the void. These kinds of attacks have become way too common and several industries are impacted on a daily basis. Hence, amp your cybersecurity defenses and stay safe.