The Federal Bureau of Investigation (FBI) of the United States has issued a warning regarding a new trend in dual ransomware attacks that has been observed since at least July 2023.
According to the FBI, cyber threat actors are deploying two different ransomware variants against victim companies. The variants involved include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, deployed in various combinations. The scale of such attacks is not yet known, but the two attacks are believed to occur in close proximity, anywhere from 48 hours to within 10 days of one another.
The FBI has also observed an increase in the use of custom data theft, wiper tools, and malware to exert pressure on victims to pay up. The use of dual ransomware variants has resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments. The agency warns that second ransomware attacks against an already compromised system could significantly harm victim entities.
The shift in tactics is due to several contributing factors, including the exploitation of zero-day vulnerabilities and the proliferation of initial access brokers and affiliates in the ransomware landscape, who can resell access to victim systems and deploy various strains in quick succession.
To strengthen their defenses, organizations are advised to maintain offline backups, monitor external remote connections and remote desktop protocol (RDP) use, enforce phishing-resistant multi-factor authentication, audit user accounts, and segment networks to prevent the spread of ransomware.