The U.S. Federal Bureau of Investigation (FBI) is warning of dual ransomware attacks, a new worrisome trend in the threat landscape that sees threat actors targeting the same victims two times.
“As of July 2023, the FBI noted two trends emerging across the ransomware environment and is releasing this notification for industry awareness. These new trends included multiple ransomware attacks on the same victim in close date proximity and new data destruction tactics in ransomware attacks.” reads the Private Industry Notification published by the FBI. “The FBI noted a trend of dual ransomware attacks conducted in close proximity to one another.”
According to the FBI, threat actors deployed two different ransomware variants in the victims’ networks. The government experts observed the threat actors using the following ransomware families: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. Dual ransomware attacks resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments.
“Second ransomware attacks against an already compromised system could significantly harm victim entities.” continues the alert.
The experts also warn that multiple ransomware groups increased their use of custom data theft tools, wiper tools, and malware to put pressure on victims and convince them to negotiate. In some cases, ransomware groups added their own code to known data theft tools to evade detection. In other cases in 2022, data wipers remained dormant until a set time to avoid detection and then used intermittent execution to corrupt data.
It is important to note that dual ransomware attacks are not a new phenomenon: in many past cases, victims’ systems were infected with multiple strains of ransomware.
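The defining feature of the trend the PIN describes is two different ransomware families hitting the same victim within a short window. The following script, added here as an illustration and not part of the FBI notification or the original article, shows one way an incident response or threat intelligence team could screen its own alert history for that pattern. The alert records are constructed sample data, and the 14-day window is an assumed default, not a threshold the FBI specifies.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alert records: (victim identifier, ISO 8601 timestamp,
# ransomware family attributed by the AV/EDR or IR team). Not real incident data.
SAMPLE_ALERTS = [
    ("victim-a", "2023-06-01T02:15:00", "AvosLocker"),
    ("victim-a", "2023-06-03T11:40:00", "Hive"),       # second family, 2.4 days later
    ("victim-b", "2023-05-10T08:00:00", "LockBit"),
    ("victim-b", "2023-07-20T09:00:00", "Royal"),      # second family, but 71 days later
    ("victim-c", "2023-06-05T04:00:00", "Quantum"),
    ("victim-c", "2023-06-05T06:30:00", "Quantum"),    # same family twice: not a dual attack
]


def find_dual_attacks(alerts, window_days=14):
    """Return {victim: [(family_1, family_2, days_between), ...]} for every
    victim that saw two *different* ransomware families within window_days.

    window_days is an assumed analyst-chosen threshold (hypothetical default);
    the PIN only says the attacks occurred in "close date proximity".
    """
    by_victim = defaultdict(list)
    for victim, ts, family in alerts:
        by_victim[victim].append((datetime.fromisoformat(ts), family))

    window = timedelta(days=window_days)
    hits = {}
    for victim, events in by_victim.items():
        events.sort()  # chronological order so we can stop early per pair
        for i, (t1, f1) in enumerate(events):
            for t2, f2 in events[i + 1:]:
                if t2 - t1 > window:
                    break  # later events are even further away
                if f1 != f2:
                    days = round((t2 - t1).total_seconds() / 86400, 1)
                    hits.setdefault(victim, []).append((f1, f2, days))
    return hits


if __name__ == "__main__":
    for victim, pairs in find_dual_attacks(SAMPLE_ALERTS).items():
        for f1, f2, days in pairs:
            print(f"{victim}: {f1} followed by {f2} after {days} days")
```

With the sample data only victim-a is reported; victim-b is outside the default window and victim-c saw the same family twice, which is a re-encryption scenario rather than the distinct-variant pattern the PIN highlights. In practice the input would come from an EDR or SIEM export, and the "family" field should be the analyst's attribution rather than a raw detection name, since one family can show up under several engine signatures.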
Symantec’s Threat Hunter Team recently discovered a new ransomware family, which calls itself 3AM, that to date has only been deployed in a single incident in which the threat actors failed to deploy the LockBit ransomware.
The FBI’s PIN provides recommendations to network defenders on preparing to respond to cyber incidents, optimizing identity and access management, implementing protective controls and architecture, and enhancing vulnerability and configuration management.