AvosLocker ransomware released a free decryptor to a US agency

AvosLocker Ransomware Free Decryptor US Agency Threat Group Decryption Key Data Breach Ransomware-as-a-Service

The AvosLocker operation has recently released a ransomless decryptor after realizing that they had struck a United States government agency with ransomware.

In November of 2020, the AvosLocker ransomware group breached a United States police department that has encrypted the devices of the agency and exfiltrated data during the operation.

However, according to a screenshot released by a cybersecurity researcher, after realizing that the victim was a United States government agency, AvosLocker released a decryptor in exchange for nothing. Even though the AvosLocker gave away a decryptor for free to the police department, they still have not provided a list of exfiltrated files or how they breached the US department’s highly secure network.


A representative of the AvosLocker ransomware group stated that they have no policy on which firm they target but usually, they shy away from targeting government entities and healthcare institutions.


Also, the group’s representative admitted that sometimes, one of their affiliates locks a network without their signal. Hence, it could be that they only have accidentally encrypted one of the United States government entities.

The spokesperson of AvosLocker said that they always avoid attacking government agencies since the money from these sectors came from the people’s taxes and not from money laundering, investments, or other unfair acts. They also stressed that they do not fear the law just because they provided a decryptor without anything in return.

Multiple international law enforcement campaigns have resulted in several arraignments or arrests of ransomware affiliates and money scammers over the previous years. These apprehensions include Netwalker, Clop, REvil, and Egregor ransomware threat groups.

The increased pressure of law enforcement agencies against threat actors has shown positive results, leading to several ransomware campaigns shutting down. The most notable ransomware groups that shut down recently are DarkSide, Avaddon, REvil, and BlackMatter.

Most of these malicious threat groups just rebranded their gangs as a new operation, thinking it would aid them in evading the joint attack group of several countries. Unfortunately, AvosLocker stated that they are not worried about the police force since their motherland has no jurisdiction, even with the heightened pressure.

About the author

Leave a Reply