InfoSecBulletin Cybersecurity for mankind
The FBI has identified dual ransomware attacks as an increasing cybercrime trend. These attacks involve targeting a company twice within a short period of time. The attackers use two different types of ransomware to cause maximum harm, resulting in data encryption, data theft, and financial losses from ransom payments.
AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal are some ransomware strains being used. To protect against such attacks, the FBI recommends companies to create backups and encrypt them.
First Half Of 2024 Report
Bangladeshi 32.4% government websites face cyber attack: NAS report
Prince Ransomware Hits UK and US
CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns
A summary of “2024 State of Cybersecurity survey” by ISACA
ISACA reveals
64% of Australian cybersecurity professionals feel increasing stress
Researchers detected 31 new Malware in September
CRI Release New Ransomware Response Guidance
ALERT
Over 700,000 Routers Vulnerable to Hack for 14 security flaws
Patch it now!
Critical Zimbra RCE flaw exploited: Needs Immediate Patching
CISA Warns
Network switch RCE flaw impacts critical infrastructure
ALSO READ:
The FBI believes that in early 2022, there was a rise in dual ransomware attacks. Multiple ransomware groups started using custom data theft, wiper tools, and malware to pressure victims into negotiating. In some cases, they added new code to known data theft tools to avoid detection.
In 2022, some malware stayed inactive until a specific time, and then it corrupted data periodically.
How businesses can protect themselves from dual ransomware attacks:Â
The FBI has issued a flash warning recommending that companies take steps to protect themselves from attacks. They suggest that companies regularly backup their data and ensure that these backups are encrypted, as attackers often target backups.
The FBI advises businesses to check the software supply chains and the security arrangements of vendors. They recommend monitoring and reviewing all connections between third-party vendors and external software or hardware for any suspicious activity. The advisory also suggests implementing listing policies for applications and remote access. These policies should only allow systems to run programs that are known and permitted under a security policy that has been established.
The law enforcement agency advises companies to document and monitor external remote connections. This will help them implement remote management and maintenance during an attack. They should also create a recovery plan by keeping multiple copies of sensitive data and servers in a separate location from the originals.
The FBI suggests that organizations should review and, if necessary, update their incident response and communication plans that outline the actions they will take in case they are affected by a cyber incident.
