The FBI recently released a Private Industry Notification (PIN) to “highlight emerging ransomware trends,” in this case “dual ransomware attacks”: attacks that hit the same organization twice with two different types of ransomware, leaving the victim's systems encrypted more than once. The FBI defines dual ransomware attacks as attacks “against the same victim occurring within 10 days, or less, of each other,” most of which “occurred within 48 hours of each other.”
What is a Dual Ransomware Attack?
In these attacks, the FBI warned, “cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. Variants were deployed in various combinations.” Typical ransomware attacks follow a simpler timeline: initial intrusion, escalation, encryption, and then a payday. In a “dual ransomware attack,” a second round of encryption is layered on top of the first, so the timeline becomes initial intrusion, escalation, encryption, further encryption, and then, because two different ransomware variants were deployed, two paydays. “Second ransomware attacks against an already compromised system could significantly harm victim entities,” the PIN points out, underscoring the threat that a second layer of encryption poses to a company.
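The FBI's definition (two different variants, same victim, 10 days or less apart) can be applied as a triage rule over ransomware detections. The Python below is an added example, not code from the PIN or from Netizen; the record layout, victim names, and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta
from itertools import combinations

# PIN definition: same victim, two different variants, "within 10 days, or less".
DUAL_WINDOW = timedelta(days=10)
# The PIN notes most cases "occurred within 48 hours of each other".
RAPID_WINDOW = timedelta(hours=48)

# Constructed sample detections (victim, variant, first-seen time); not real incident data.
SAMPLE_DETECTIONS = [
    ("org-a", "LockBit", "2023-09-01T08:00:00"),
    ("org-a", "Royal", "2023-09-02T20:00:00"),       # 36 h later, different variant
    ("org-b", "Hive", "2023-09-01T00:00:00"),
    ("org-b", "Hive", "2023-09-03T00:00:00"),        # same variant twice: not "dual"
    ("org-c", "Quantum", "2023-09-01T00:00:00"),
    ("org-c", "AvosLocker", "2023-09-11T00:00:00"),  # exactly 10 days: still in scope
    ("org-d", "Diamond", "2023-09-01T00:00:00"),
    ("org-d", "Karakurt", "2023-09-11T00:00:01"),    # one second past the window
]


def find_dual_attacks(detections):
    """Return one finding per pair of different variants seen at a victim within DUAL_WINDOW."""
    by_victim = {}
    for victim, variant, ts in detections:
        by_victim.setdefault(victim, []).append((datetime.fromisoformat(ts), variant))

    findings = []
    for victim, events in sorted(by_victim.items()):
        events.sort()  # chronological, so the gap below is never negative
        for (t1, v1), (t2, v2) in combinations(events, 2):
            gap = t2 - t1
            if v1.lower() != v2.lower() and gap <= DUAL_WINDOW:
                findings.append({
                    "victim": victim,
                    "variants": (v1, v2),
                    "gap": gap,
                    "within_48h": gap <= RAPID_WINDOW,
                })
    return findings


if __name__ == "__main__":
    for f in find_dual_attacks(SAMPLE_DETECTIONS):
        label = "within 48h" if f["within_48h"] else "within 10 days"
        print(f"{f['victim']}: {f['variants'][0]} then {f['variants'][1]} ({label}, gap {f['gap']})")
```

A finding here means the first intrusion path was likely never closed, so response should treat the two detections as one incident rather than two unrelated alerts.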
Dual Ransomware Mitigation Recommendations
The FBI has created a set of recommendations for all network defenders in order to fortify organizations against the rising menace of dual ransomware attacks. Central to these guidelines is establishing strong liaisons with regional FBI Field Offices for identifying vulnerabilities and mitigating threats.
- Offline Data Backups: Maintaining regular, encrypted, and immutable offline backups to ensure data integrity and availability during cyber incidents.
- Vendor Security Review: Rigorous security assessment of third-party vendors and monitoring connections for suspicious activities.
- Enhanced Access Management: Adherence to National Institute of Standards and Technology (NIST) standards for password policies, coupled with phishing-resistant multifactor authentication.
- Network Segmentation: Implementing network segmentation to curb ransomware spread and control traffic flows between subnetworks.
- Proactive Monitoring: Employing network monitoring tools and Endpoint Detection and Response (EDR) tools for identifying abnormal activities and potential ransomware traversal.
- Timely Patching: Ensuring all systems are updated to the latest security patches to minimize exposure to cyber threats.
By embracing these measures, organizations can significantly bolster their defense mechanisms, making it exceedingly challenging for cyber adversaries to exploit system and network vulnerabilities.
How Can Netizen Help?
Netizen ensures that security gets built in and not bolted on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –