FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies

Cyber Security

Sep 30, 2023THNRansomware / Cyber Threat

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.

“During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the FBI said in an alert. “Variants were deployed in various combinations.”

Not much is known about the scale of such attacks, although it’s believed that they happen in close proximity to one another, ranging from anywhere between 48 hours to within 10 days.

Cybersecurity

Another notable change observed in ransomware attacks is the increased use of custom data theft, wiper tools, and malware to exert pressure on victims to pay up.

“This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments,” the agency said. “Second ransomware attacks against an already compromised system could significantly harm victim entities.”

It’s worth noting that dual ransomware attacks are not an entirely novel phenomenon, with instances observed as early as May 2021.

Last year, Sophos revealed that an unnamed automotive supplier had been hit by a triple ransomware attack comprising Lockbit, Hive, and BlackCat over a span of two weeks between April and May 2022.

UPCOMING WEBINAR

Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.

Supercharge Your Skills

Then, earlier this month, Symantec detailed a 3AM ransomware attack targeting an unnamed victim following an unsuccessful attempt to deliver LockBit in the target network.

The shift in tactics boils down to several contributing factors, including the exploitation of zero-day vulnerabilities and the proliferation of initial access brokers and affiliates in the ransomware landscape, who can resell access to victim systems and deploy various strains in quick succession.

Organizations are advised to strengthen their defenses by maintaining offline backups, monitoring external remote connections and remote desktop protocol (RDP) use, enforcing phishing-resistant multi-factor authentication, auditing user accounts, and segmenting networks to prevent the spread of ransomware.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture
Nokia G42 5G New 4GB RAM Variant With 128GB Storage Launched in India: Price, Offers
This startup claims its new homes will generate more energy than they use
Suicide Squad: Kill the Justice League Review: Rocksteady’s Looter Shooter Shoots Itself in the Foot
Tecno Camon 30 Premier 5G With PolarAce Imaging System Unveiled at MWC 2024

Leave a Reply

Your email address will not be published. Required fields are marked *