The FBI has issued a warning about an emerging trend in ransomware attacks, involving the use of dual ransomware variants targeting the same victims. These attacks have been observed since July 2023 and employ various combinations of ransomware variants, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.
These dual ransomware attacks occur in close succession, typically within 48 hours to 10 days of each other. One of the significant shifts in these attacks is the increased use of custom data theft, wiper tools, and additional malware to exert pressure on victims to pay the ransom.
The combination of dual ransomware variants poses a significant threat as it leads to a mixture of data encryption, data exfiltration, and financial losses from ransom payments.
The FBI emphasizes that launching a second ransomware attack on an already compromised system could cause substantial harm to victim entities. While dual ransomware attacks are not entirely new, their prevalence has been on the rise due to factors such as the exploitation of zero-day vulnerabilities and the involvement of initial access brokers and affiliates in the ransomware ecosystem, which allow ransomware strains to be deployed in quick succession.
To protect against these evolving threats, organizations are urged to strengthen their cybersecurity defenses. This includes maintaining offline backups, closely monitoring external remote connections and remote desktop protocol (RDP) usage, implementing phishing-resistant multi-factor authentication, conducting regular user account audits, and segmenting networks to prevent the lateral spread of ransomware.
The FBI’s warning serves as a reminder of the continually changing tactics employed by cybercriminals in the ransomware landscape and underscores the importance of proactive cybersecurity measures.