Image credit: Anete Lusina via Pexels
The U.S. Federal Bureau of Investigation (FBI) has issued a stark warning concerning a concerning surge in dual ransomware attacks on American companies. This trend dates back to July 2023.
Twin Assaults: A Disturbing Trend
Cybercriminals have adopted an unsettling modus operandi during these attacks. They deploy two distinct ransomware variants against their targets. They have a smorgasbord of options at their disposal, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. What’s particularly disconcerting is the fact that these variants are often unleashed in various combinations. This complicates the recovery process.
The scale of these attacks remains shrouded in mystery. However, it is suspected that they occur in close succession. They transpire anywhere from 48 hours to within 10 days of each other. This rapid-fire approach leaves victims grappling with the aftermath of dual strikes.
Adding to the arsenal of cybercriminals is the increasing employment of custom data theft techniques, wiper tools, and malware to coerce victims into capitulating to ransom demands. The combination of these tactics results in a harrowing blend of data encryption, data exfiltration, and financial losses through ransom payments.
The FBI emphasizes that second ransomware attacks on an already compromised system could inflict significant harm on victimized organizations. This alarming development has raised concerns throughout the cybersecurity community.
Not a Novel Concept
The concept of dual ransomware attacks is not entirely unprecedented. There are documented instances dating back to May 2021. In a notable incident last year, an undisclosed automotive supplier fell prey to a triple ransomware attack. This attack was orchestrated by LockBit, Hive, and BlackCat over a two-week period in April and May 2022.
Earlier this month, Symantec reported a 3AM ransomware attack on an undisclosed target. This followed an unsuccessful attempt to infiltrate the network with LockBit. These incidents highlight the evolving tactics of ransomware actors.
The Evolution of Tactics
Several factors cause this shift in tactics. Cybercriminals are exploiting zero-day vulnerabilities. They are capitalizing on the growth of initial access brokers and leveraging affiliates in the ransomware landscape. These intermediaries resell access to victim systems. They enable the deployment of multiple strains in rapid succession.
In light of these developments, organizations are strongly urged to fortify their defenses. This includes maintaining secure offline backups. They should also closely monitor external remote connections and implement robust multi-factor authentication mechanisms to thwart phishing attempts. Additionally, auditing user accounts and network segmentation can be critical safeguards against the spread of ransomware.
FBI’s Recommendations for Defense
The FBI advises organizations to take proactive measures to safeguard against evolving ransomware threats. These actions include maintaining multiple offline copies of highly secure, encrypted, and immutable backups. Immutable backups are indispensable for preventing the encryption, deletion, or alteration of data during a ransomware attack. They facilitate data and network restoration without succumbing to ransom demands.
