FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Once they compromise a victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could cause even more damage.
October 2, 2023
The FBI has issued a warning about a rising ransomware trend in which separate attacks are conducted just hours or days apart — otherwise known as "dual ransomware attacks."
"Ransomware attacks against the same victim occurring within 10 days, or less, of each other were considered dual ransomware attacks," the bureau explained in a Private Industry Notification released last week. "The majority of dual ransomware attacks occurred within 48 hours of each other."
These attacks hit the same victim within a short time span and, in the wild, have involved threat actors deploying a different ransomware variant for each leg of the attack, such as AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. The variants are deployed in various two-strain combinations, ultimately resulting in a mix of data encryption, exfiltration, and extortion.
The phenomenon makes sense: After an initial ransomware attack, an organization or company is still reeling from the breach and is at its weakest point, making a second attack on its already compromised systems all the more harmful.
In addition to dual ransomware attacks, the FBI noted a rising trend of threat actors using malware, data theft, and wiper tools to pressure ransomware victims into negotiating. To combat both of these trends, the FBI encourages anyone to report suspicious activity with details of the time and place as well as the affected equipment and the type of activity that occurred.
To help safeguard against these kinds of threats, the FBI has provided recommended mitigations, which include maintaining offline backups of data, ensuring all the backed-up data is encrypted, reviewing the security safeguards of third parties and vendors, and implementing policies "that only allow systems to execute known and permitted programs." In addition, the FBI recommends implementing a secure recovery plan and retaining multiple copies of sensitive information.