FBI Alerts to Growing Trend: U.S. Companies Facing Increasing Dual Ransomware Threats
There have been reports of dual ransomware attacks on US companies since July 2023. These attacks involve the use of two different ransomware strains, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, in various combinations. It is unclear how widespread these attacks are, but they are believed to occur within a short timeframe, ranging from 48 hours to 10 days apart. It's important to be vigilant and take necessary precautions to safeguard against such threats.
This new trend also involves an increased use of custom data theft, wiper tools, and malware to pressure victims into paying ransoms. The utilization of dual ransomware variants leads to a combination of data encryption, data theft, and financial losses from ransom payments, posing significant harm to compromised organizations.
It is important to note that dual ransomware attacks have been happening since May 2021. However, recent reports suggest that cybercriminals are now using triple ransomware attacks, indicating the evolution of their tactics. These changes are driven by factors such as the exploitation of zero-day vulnerabilities and the rise of initial access brokers and affiliates in the ransomware landscape. These enable the rapid deployment of various strains in quick succession.
To bolster defenses against these threats, organizations are advised to maintain offline backups, monitor external remote connections and remote desktop protocol (RDP) usage, implement phishing-resistant multi-factor authentication, conduct user account audits, and segment networks to prevent ransomware spread.
Source: https://thehackernews.com/2023/09/fbi-warns-of-rising-trend-of-dual.html