The U.S. Federal Bureau of Investigation (FBI) is warning of a brand new pattern of twin ransomware assaults focusing on the identical victims, at the least since July 2023.
“During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the FBI said in an alert. “Variants were deployed in various combinations.”
Not a lot is understood in regards to the scale of such assaults, though it is believed that they occur in shut proximity to at least one one other, starting from anyplace between 48 hours to inside 10 days.
![FBI Warns of Rising Pattern of Twin Ransomware Assaults Focusing on U.S. Corporations 3 Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPYBKMZbU-7Y7Kg3jq6dgh_5dNBqpJMQZyBnu7A58Cl9-Hf3Zqlp6O7GKltaeaspPcedrN2-3WCGOvSx55C92iJOqEdWBLCE6RGwVakDy6TsH2P4xv2Vcu4oSW3hat-7_q1c_MTiOdDXb3niTcU9DAgkJ__W9jQIcIDRZOA7cx6KqCxchAOHDOf8wyQIda/s728-e30/bb-d.png)
One other notable change noticed in ransomware assaults is the elevated use of customized information theft, wiper instruments, and malware to exert strain on victims to pay up.
“This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments,” the company mentioned. “Second ransomware attacks against an already compromised system could significantly harm victim entities.”
It is value noting that twin ransomware assaults aren’t a wholly novel phenomenon, with instances observed as early as Might 2021.
Final yr, Sophos revealed that an unnamed automotive provider had been hit by a triple ransomware attack comprising Lockbit, Hive, and BlackCat over a span of two weeks between April and Might 2022.
Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools
Able to deal with new AI-driven cybersecurity challenges? Be part of our insightful webinar with Zscaler to deal with the rising menace of generative AI in cybersecurity.
Then, earlier this month, Symantec detailed a 3AM ransomware attack focusing on an unnamed sufferer following an unsuccessful try to ship LockBit within the goal community.
The shift in ways boils all the way down to a number of contributing factorstogether with the exploitation of zero-day vulnerabilities and the proliferation of preliminary entry brokers and associates within the ransomware panorama, who can resell entry to sufferer techniques and deploy varied strains in fast succession.
Organizations are suggested to strengthen their defenses by sustaining offline backups, monitoring exterior distant connections and distant desktop protocol (RDP) use, implementing phishing-resistant multi-factor authentication, auditing person accounts, and segmenting networks to stop the unfold of ransomware.
Author: data@thehackernews.com (The Hacker Information)
Date: 2023-09-30 05:49:00