FBI Flags Escalating Trend of Paired Ransomware Threats


September 30, 2023

The U.S. Federal Bureau of Investigation (FBI) has issued an alert about a rising trend, observed since July 2023, of dual ransomware attacks against the same targets.

In these attacks, the attackers deploy two distinct ransomware strains on the victim’s systems. The strains named include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, paired in various combinations.

The precise scale of these dual attacks is not known, but their timing is evident. Typically, the two attacks are spaced closely, between two and ten days apart.

Ransomware operations are also evolving in another way: attackers increasingly use custom data theft tools, wipers, and malware to raise the pressure on victims to pay the demanded ransom.

The FBI highlighted that these dual ransomware attacks result in a combination of data encryption, data exfiltration, and considerable financial loss from ransom payments. A second ransomware attack on an already compromised system can significantly increase the damage to the victim.


Dual ransomware attacks are not entirely new, with such incidents reported as far back as May 2021, but their frequency and sophistication are on the rise.

Sophos previously described an unnamed car parts manufacturer that suffered three ransomware attacks, involving LockBit, Hive, and BlackCat, within a two-week period in 2022.

Furthermore, Symantec recently highlighted a case in which the 3AM ransomware was deployed against a target following a failed attempt to deploy the LockBit ransomware on the victim’s system.

This evolution in attack methods is attributed to multiple factors, such as the exploitation of undiscovered vulnerabilities and the rise of initial access brokers in the cybercrime underground. These brokers obtain and sell access to compromised systems, which enables rapid deployment of different ransomware strains.

To defend against such threats, organizations are advised to maintain offline backups, closely monitor external remote connections and the use of Remote Desktop Protocol (RDP), enforce phishing-resistant multi-factor authentication, rigorously audit user credentials, and segment networks to limit the spread of ransomware.

Saher Mahmood


Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
