FBI Warning - Dual Ransomware Attacks

The US Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, observed at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants were deployed in various combinations."

See:  https://www.ic3.gov/Media/News/2023/230928.pdf

Not much is known about the scale of such attacks, although the two intrusions are believed to occur close together, anywhere from 48 hours to 10 days apart. Another notable change observed in ransomware attacks is the increased use of custom data theft tools, wiper tools, and malware to pressure victims into paying. "This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments," the agency said. "Second ransomware attacks against an already compromised system could significantly harm victim entities."

It is worth noting that dual ransomware attacks are not an entirely novel phenomenon, with instances observed as early as May 2021. In 2022, Sophos revealed that an unnamed automotive supplier had been hit by a triple ransomware attack comprising Lockbit, Hive, and BlackCat over a span of two weeks between April and May 2022.

See:  https://redskyalliance.org/xindustry/blackcat-tools-impacket-remcom-1

Recently, Symantec detailed a 3AM ransomware attack targeting an unnamed victim following an unsuccessful attempt to deliver LockBit in the target network.

See:  https://redskyalliance.org/xindustry/lockbit-ransomware-gang-promises-bounty-payments

The shift in tactics is due to several contributing factors, including the exploitation of zero-day vulnerabilities and the proliferation of initial access brokers and affiliates in the ransomware landscape, who can resell access to victim systems so that different groups deploy their strains in quick succession.

Organizations are advised to strengthen their defenses by maintaining offline backups, monitoring external remote connections and remote desktop protocol (RDP) use, enforcing phishing-resistant multi-factor authentication, auditing user accounts, and segmenting networks to prevent the spread of ransomware.
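The advice to monitor external remote connections and RDP use is easiest to act on when it is turned into a concrete check over logon records. The following is an added example, not code from the article or from the FBI alert: it parses constructed, flattened Windows Security log records (event ID 4624 for a successful logon, 4625 for a failure, logon type 10 for RemoteInteractive, i.e. RDP) and flags RDP sessions whose source address lies outside the organisation's own address ranges. The pipe-delimited record layout, the sample accounts and addresses, and the choice of RFC 1918 space as "internal" are all assumptions made for the example; a real deployment would substitute its own ranges and its SIEM's field names.

```python
"""Flag RDP (logon type 10) sessions from outside the organisation's own ranges.

Added example: the log format, accounts, and address ranges below are constructed
for illustration and are not taken from the article.
"""
import ipaddress
from dataclasses import dataclass

# Assumption: the organisation's internal space is RFC 1918; anything else is "external".
INTERNAL_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample records: event_id|logon_type|account|source_ip
SAMPLE_LOG = """\
4624|10|CORP\\jsmith|10.20.30.41
4624|10|CORP\\svc_backup|203.0.113.25
4624|3|CORP\\fileserver$|10.20.30.5
4624|10|CORP\\admin|198.51.100.7
4625|10|CORP\\admin|198.51.100.7
4624|10|CORP\\jsmith|192.168.1.10
"""

LOGON_SUCCESS = 4624
LOGON_FAILURE = 4625
RDP_LOGON_TYPE = 10  # RemoteInteractive


@dataclass
class Logon:
    event_id: int
    logon_type: int
    account: str
    source_ip: str


def parse_log(text):
    """Turn the flattened records into Logon objects, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event_id, logon_type, account, source_ip = line.split("|")
        records.append(Logon(int(event_id), int(logon_type), account, source_ip))
    return records


def is_external(ip):
    """True when the address is not inside any of the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_RANGES)


def external_rdp_logons(records):
    """Successful RDP logons whose source address is external."""
    return [
        r for r in records
        if r.event_id == LOGON_SUCCESS and r.logon_type == RDP_LOGON_TYPE and is_external(r.source_ip)
    ]


def accounts_with_external_rdp(records):
    """Sorted list of accounts that have at least one successful external RDP logon."""
    return sorted({r.account for r in external_rdp_logons(records)})


def external_rdp_summary(records):
    """Per external source address: counts of successful and failed RDP logons.

    Failures are kept alongside successes so that a burst of 4625s followed by a
    4624 from the same address stands out during review.
    """
    summary = {}
    for r in records:
        if r.logon_type != RDP_LOGON_TYPE or not is_external(r.source_ip):
            continue
        entry = summary.setdefault(r.source_ip, {"success": 0, "failure": 0})
        if r.event_id == LOGON_SUCCESS:
            entry["success"] += 1
        elif r.event_id == LOGON_FAILURE:
            entry["failure"] += 1
    return summary


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for r in external_rdp_logons(records):
        print(f"external RDP logon: {r.account} from {r.source_ip}")
    print(external_rdp_summary(records))
```

In practice the same logic would run over events pulled from a SIEM rather than an embedded string, and any hit for an account that should never log on interactively (a backup service account, for instance) is a useful trigger for the account audit the article also recommends.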

This article is presented at no charge for educational and informational purposes only.

Source: https://thehackernews.com/2023/09/fbi-warns-of-rising-trend-of-dual.html

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has reported extensively on AI technology. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632
