FBI: Crippling 'Dual Ransomware Attacks' on the Rise

Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.

Dark Reading Staff, Dark Reading

October 2, 2023

2 Min Read
The FBI logo
Source: GK Images via Alamy Stock Photo

The FBI has issued a warning about a rising ransomware trend in which separate attacks are conducted just hours or days apart — otherwise known as "dual ransomware attacks." 

"Ransomware attacks against the same victim occurring within 10 days, or less, of each other were considered dual ransomware attacks," the bureau explained in a Private Industry Notification released last week. "The majority of dual ransomware attacks occurred within 48 hours of each other."

These ransomware attacks happen to the same victim within a short time span and, in the wild, have occurred with threat actors deploying different ransomware variants for each leg of the attacks, such as AvosLocker, Diamond, Hive Karakurt, LockBit, Quantum, and Royal. These variants are released in different dual combinations, ultimately resulting in a mix of data encryption, exfiltration, and extortion.

The phenomenon makes sense: After an initial ransomware attack, an organization or company is still reeling from the breach and is at its weakest point, making a second attack to its already compromised system all the more harmful.

In addition to dual ransomware attacks, the FBI noted a rising trend of threat actors increasingly using malware, data theft, and wiper tools to manipulate and pressure ransomware victims into negotiating. To combat both of these trends, the FBI encourages anyone to report suspicious activity with details of the time and place as well as affected equipment and the type of activity that occurred.

To help safeguard against these kinds of threats, the FBI has provided recommendations for mitigations, which include maintaining offline backups of data, ensuring all the backed-up data is encrypted, reviewing the security safeguard of third parties and vendors, and implementing policies "that only allow systems to execute known and permitted programs." In addition, the FBI recommends implementing a secure recovery plan and retaining multiple copies of sensitive information.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights