The US Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks hitting the same victims, observed since at least July 2023.
“During these attacks, cyber threat actors deployed two different ransomware variants against victim companies: AvosLocker, Diamond, Hive, Karakurt, Lockbit, Quantum, and Royal,” the FBI said in an alert. “The variants were deployed in various combinations.”
Not much is known about the scale of such attacks, although they are believed to occur close to each other, anywhere from 48 hours to 10 days apart.
Another notable change seen in ransomware attacks is the increased use of custom data theft, wiper tools, and malware to pressure victims into paying.
“The use of the dual ransomware variants resulted in financial losses due to data encryption, intrusion and ransom payment,” the agency said. “A second ransomware attack against already compromised systems could cause significant damage to victim organizations.”
It’s worth noting that dual ransomware attacks are not an entirely new phenomenon, with examples seen as early as May 2021.
Last year, Sophos revealed that an unnamed automotive supplier was the victim of a triple ransomware attack by Lockbit, Hive, and Blackcat over a two-week period between April and May 2022.
Then, earlier this month, Symantec detailed a 3AM ransomware attack targeting an unknown victim after a failed attempt to distribute Lockbit on the target network.
The shift in tactics boils down to several contributing factors, including the exploitation of zero-day vulnerabilities and the proliferation of initial access brokers and affiliates in the ransomware landscape, who can resell access to victim systems and deploy various strains in quick succession.
Organizations are advised to strengthen their security and limit the spread of ransomware by maintaining offline backups, monitoring external remote connections and Remote Desktop Protocol (RDP) use, implementing phishing-resistant multi-factor authentication, auditing user accounts, and segmenting the network.