The FBI recently issued a warning regarding a concerning new trend in ransomware attacks. Known as “dual ransomware attacks,” these incidents involve multiple attacks conducted within a short time frame, typically within 10 days or less. The majority of these attacks occur within 48 hours of each other.

In its Private Industry Notification released last week, the FBI defined dual ransomware attacks as those where ransomware is deployed against the same victim on separate occasions. This emerging pattern poses a significant threat to organizations and companies, as it compounds the damage caused by the initial breach.

The attacks witnessed so far have involved the use of different ransomware variants for each leg of the attack. Threat actors have utilized a range of ransomware strains, including AvosLocker, Diamond, Hive Karakurt, LockBit, Quantum, and Royal. By employing these diverse combinations of ransomware variants, the attackers can execute a mix of data encryption, exfiltration, and extortion methods.

This double whammy approach makes perfect sense from the perspective of the threat actors. Following the initial ransomware attack, the victim organization is already grappling with the aftermath and trying to recover from the breach. As a result, its defenses and security measures may be weakened or compromised, making it more vulnerable to subsequent attacks.

In addition to the rise of dual ransomware attacks, the FBI has also observed an increase in the use of malware, data theft, and wiper tools by threat actors to put pressure on victims and manipulate them into negotiating. These tactics further escalate the risks faced by organizations dealing with ransomware attacks.

To tackle these evolving threats, the FBI urges individuals to report any suspicious activity. Providing details such as the time and place of the incident, the affected equipment, and the type of activity that occurred can assist law enforcement agencies in their investigations and efforts to combat ransomware attacks.

To bolster defenses against these types of threats, the FBI has released a set of recommended mitigations. These measures include maintaining offline backups of data, ensuring that all backed-up data is encrypted, reviewing the security measures implemented by third-party vendors, and implementing policies that restrict systems from executing unknown or unauthorized programs.

Additionally, the FBI advises organizations to develop a comprehensive and secure recovery plan. This plan should encompass multiple copies of sensitive information, ensuring that critical data can be restored in the event of a ransomware attack.

As ransomware attacks continue to evolve and become more sophisticated, it is crucial for organizations to remain vigilant and proactive in implementing robust cybersecurity measures. By following the FBI’s recommendations and staying informed about emerging threats, businesses can mitigate the risks posed by dual ransomware attacks and protect their valuable data from malicious actors.

Source link