The FBI in the United States has issued a warning about a ransomware trend observed since July 2023: cybercriminals deploying two different ransomware variants against the same victim. The variants involved, used in various combinations, include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.
The exact scale of these attacks is not well documented, but the two attacks against a victim are believed to occur in close succession, typically within 48 hours to 10 days of each other.
Another significant change in ransomware attacks is the increased use of custom data theft tools, wipers, and malware to pressure victims into paying ransoms. Using two ransomware variants against one victim compounds the damage, combining data encryption, data exfiltration, and financial losses from ransom payments. A second ransomware attack on a system that is already compromised can cause substantial harm to the victim organization.
Dual ransomware attacks are not a new phenomenon: they were observed as early as May 2021. For example, a triple ransomware attack on an unnamed automotive supplier was reported in April and May 2022, involving LockBit, Hive, and BlackCat ransomware.
More recently, in the same month as the FBI warning, Symantec detailed a 3AM ransomware attack on an unidentified victim, which followed an unsuccessful attempt to deliver LockBit to the target network.
This shift in tactics is influenced by several factors, including the exploitation of zero-day vulnerabilities and the increased presence of initial access brokers and ransomware affiliates. These actors can sell access to victim systems and deploy multiple ransomware strains in quick succession.
To defend against such attacks, organizations are advised to strengthen their cybersecurity measures by maintaining offline backups, monitoring external remote connections and remote desktop protocol (RDP) usage, implementing phishing-resistant multi-factor authentication, auditing user accounts, and segmenting networks to prevent the spread of ransomware.