The FBI has identified dual ransomware attacks as an increasing cybercrime trend. These attacks involve targeting a company twice within a short period of time. The attackers use two different types of ransomware to cause maximum harm, resulting in data encryption, data theft, and financial losses from ransom payments.
AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal are some ransomware strains being used. To protect against such attacks, the FBI recommends companies to create backups and encrypt them.
The FBI believes that in early 2022, there was a rise in dual ransomware attacks. Multiple ransomware groups started using custom data theft, wiper tools, and malware to pressure victims into negotiating. In some cases, they added new code to known data theft tools to avoid detection.
In 2022, some malware stayed inactive until a specific time, and then it corrupted data periodically.
How businesses can protect themselves from dual ransomware attacks:
The FBI has issued a flash warning recommending that companies take steps to protect themselves from attacks. They suggest that companies regularly backup their data and ensure that these backups are encrypted, as attackers often target backups.
The FBI advises businesses to check the software supply chains and the security arrangements of vendors. They recommend monitoring and reviewing all connections between third-party vendors and external software or hardware for any suspicious activity. The advisory also suggests implementing listing policies for applications and remote access. These policies should only allow systems to run programs that are known and permitted under a security policy that has been established.
The law enforcement agency advises companies to document and monitor external remote connections. This will help them implement remote management and maintenance during an attack. They should also create a recovery plan by keeping multiple copies of sensitive data and servers in a separate location from the originals.
The FBI suggests that organizations should review and, if necessary, update their incident response and communication plans that outline the actions they will take in case they are affected by a cyber incident.