How the Avos Ransomware Gang Hijacked a University’s Emergency Broadcast System

Ransomware attacks are becoming more frequent and sophisticated, targeting various sectors and organizations. One of the latest victims of this is Bluefield University, a small private university in Bluefield, Virginia. The university suffered a ransomware attack on April 30th, 2023, by a group known as Avos or AvosLocker. The attackers claimed to have stolen 1.2 TB of files from the university’s network, including admissions data from thousands of students.

Read: Royal Ransomware Attacks the City of Dallas

What makes this attack stand out

It is the way the ransomware gang used the university’s own emergency broadcast system to threaten and taunt the students and staff. The system, called RamAlert, is designed to enhance communication during times of crisis on campus. However, on May 1st, 2023, the system was hijacked by the hackers, who sent SMS texts and email alerts to the campus community. The messages read:

“Hello students of Bluefield University! We’re Avoslocker Ransomwar. We hacked the university network to exfiltrate 1.2 TB files…We have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog.”

“DO NOT ALLOW the University to lie about severity of the attack! As proof we leak sample Monday May 1st 2023 18:00:00 GMT (2:00:00 PM).”

The messages also said that the gang would “continue attacking [the school] if BU’s president does not pay.” The amount of ransom demanded by the attackers is unknown.

This is a rare and bold move by the ransomware gang, as it shows their confidence and willingness to escalate their pressure tactics. It also exposes the vulnerability of the university’s network and systems, as well as the potential harm that a data breach could cause. The university responded by issuing another statement, acknowledging that the RamAlert system was impacted and warning the campus community not to click on any links or respond to the messages.

The Avos ransomware gang 

They are relatively new in the cybercrime scene, having emerged in July 2022. The group operates as a ransomware-as-a-service (RaaS) model, meaning that it provides its malware and infrastructure to other hackers for a cut of the ransom payments. The group claims to have encrypted over 50 organizations across various sectors, including healthcare, education, manufacturing, and law.

The group also runs a dark web blog where it publishes samples of stolen data from its victims and threatens to leak more if they do not pay up. The blog currently lists Bluefield University as one of its targets, along with several other organizations.

Ransomware attacks are not only a technical problem but also a human one. They rely on exploiting human weaknesses such as curiosity, greed, fear, or trust. Therefore, it is essential for organizations to foster a culture of cybersecurity awareness and resilience among their employees and stakeholders. By doing so, they can reduce their risk of falling victim to ransomware attacks and mitigate their impact if they do occur.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world. 

Avos Ransomware Gang

Facebook: Eagle Tech Corp

Instagram: @eagletech_corp

Twitter: @eagletechcorp

LinkedIn: Eagle Tech

YouTube: Eagle Tech Corp

Cyber security & IT Managed Services

Table of Contents

Share this Article
Related Articles