The U.S. Federal Bureau of Investigation (FBI) has issued an alert regarding a rising trend of dual ransomware offensives that aim at the same targets, observed since July 2023.
In these attacks, the adversaries deploy two distinct ransomware strains against the same victim's systems. The strains observed include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, deployed in various pairings.
The overall scale of these dual attacks is not yet clear, but their timing is: the two deployments are typically close together, separated by anywhere from two days to ten days.
There’s an evolving dimension in the ransomware world, as attackers increasingly employ bespoke data theft instruments, wiper tools, and malware to ramp up the pressure on their victims, compelling them to pay the demanded ransom.
The FBI noted that these dual ransomware attacks result in a combination of data encryption, data exfiltration, and significant financial loss from ransom payments. A second ransomware strike against a system that is already compromised can compound the damage to the victim.
While the concept of dual ransomware onslaughts isn’t entirely groundbreaking, as such incidents were reported as far back as May 2021, their frequency and sophistication are on the rise.
Sophos has previously described an unnamed automotive supplier that was hit by three separate ransomware attacks, involving LockBit, Hive, and BlackCat, within a two-week period in 2022.
More recently, Symantec reported a case in which the 3AM ransomware was deployed against a target after an attempt to deploy LockBit on the victim's systems had failed.
This shift in attack methodology is attributed to several factors, including the exploitation of previously unknown vulnerabilities and the growth of initial access brokers in the cybercrime ecosystem. These brokers specialize in acquiring and selling access to compromised networks, which allows different ransomware strains to be deployed against the same victim in quick succession.
To defend against such threats, organizations are advised to maintain offline backups, closely monitor external remote connections and the use of Remote Desktop Protocol (RDP), enforce phishing-resistant multi-factor authentication, regularly review user accounts and their privileges, and segment networks to limit the spread of ransomware.