InfoSecBulletin Cybersecurity for mankind
The FBI has identified dual ransomware attacks as an increasing cybercrime trend. These attacks involve targeting a company twice within a short period of time. The attackers use two different types of ransomware to cause maximum harm, resulting in data encryption, data theft, and financial losses from ransom payments.
AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal are some ransomware strains being used. To protect against such attacks, the FBI recommends companies to create backups and encrypt them.
Samsung phone is saving your passwords in plain text
UK Software Firm Exposed 8 million of Healthcare Worker Records
GitHub Enterprise Server Vulns Expose Risk of Code Execution
CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers
16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
CISA warns of increasing risk tied to Oracle legacy Cloud leak
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
Apple released emergency security updates for 2 zero-day vulns
Oracle Released Patched for 378 flaws for April 2025
ALSO READ:
The FBI believes that in early 2022, there was a rise in dual ransomware attacks. Multiple ransomware groups started using custom data theft, wiper tools, and malware to pressure victims into negotiating. In some cases, they added new code to known data theft tools to avoid detection.
In 2022, some malware stayed inactive until a specific time, and then it corrupted data periodically.
How businesses can protect themselves from dual ransomware attacks:
The FBI has issued a flash warning recommending that companies take steps to protect themselves from attacks. They suggest that companies regularly backup their data and ensure that these backups are encrypted, as attackers often target backups.
The FBI advises businesses to check the software supply chains and the security arrangements of vendors. They recommend monitoring and reviewing all connections between third-party vendors and external software or hardware for any suspicious activity. The advisory also suggests implementing listing policies for applications and remote access. These policies should only allow systems to run programs that are known and permitted under a security policy that has been established.
The law enforcement agency advises companies to document and monitor external remote connections. This will help them implement remote management and maintenance during an attack. They should also create a recovery plan by keeping multiple copies of sensitive data and servers in a separate location from the originals.
The FBI suggests that organizations should review and, if necessary, update their incident response and communication plans that outline the actions they will take in case they are affected by a cyber incident.
