The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.
“During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the FBI said in an alert. “Variants were deployed in various combinations.”
Not much is known about the scale of such attacks, although it is believed that they occur in close proximity to one another, ranging from anywhere between 48 hours to within 10 days.
Another notable change observed in ransomware attacks is the increased use of custom data theft, wiper tools, and malware to exert pressure on victims to pay up.
“This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments,” the agency said. “Second ransomware attacks against an already compromised system could significantly harm victim entities.”
It is worth noting that dual ransomware attacks are not an entirely novel phenomenon, with instances observed as early as May 2021.
Last year, Sophos disclosed that an unnamed automotive supplier had been hit by a triple ransomware attack comprising Lockbit, Hive, and BlackCat over a span of two weeks between April and May 2022.
Then, earlier this month, Symantec detailed a 3AM ransomware attack targeting an unnamed victim following an unsuccessful attempt to deliver LockBit in the target network.
The shift in tactics boils down to several contributing factors, such as the exploitation of zero-day vulnerabilities and the proliferation of initial access brokers and affiliates in the ransomware landscape, who can resell access to victim systems and deploy various strains in quick succession.
Organizations are advised to strengthen their defenses by maintaining offline backups, monitoring external remote connections and remote desktop protocol (RDP) use, enforcing phishing-resistant multi-factor authentication, auditing user accounts, and segmenting networks to prevent the spread of ransomware.