Dual Ransomware Attacks Surge Alongside CSAM 2023


On completing the 20th anniversary of Cybersecurity Awareness Month, CISA has introduced a new cybersecurity awareness initiative named ‘Secure Our World’. The campaign is also expected to spread awareness against the trend of increased dual ransomware attacks, as announced by the FBI.

This security awareness program will permeate across all the Cybersecurity and Infrastructure Security Agency’s (CISA) campaigns and initiatives. The ‘Secure Our World’ campaign includes urging individuals, families, and small to medium-sized businesses to take daily action to safeguard themselves online and while using connected devices.

Cybersecurity Awareness Month vs. Rise of Dual Ransomware Attacks 

The FBI has termed this trend of cyber attacks as ‘Dual Ransomware Attacks’.

These attacks unfold in a two-pronged assault, where threat actors strike a victim first with one ransomware variant, followed by a second attack using a different strain, compounding the damage on its victims. 

While cybersecurity awareness month empowers users to instigate behavioral change nationwide, these dual ransomware attacks cast a dark shadow of hackers, and cybercriminals targeting organizations globally. 

This year’s theme ‘Secure Our World‘ will stand opposite to the rise of cyber attacks, especially towards the hacker groups using dual ransomware attacks to target innocent victims.

According to the FBI, the hackers targeting organizations have become predators as they have been seen targeting the same victim again within 10 days or less. 

Shockingly, a majority of these dual attacks transpire within a mere 48-hour window. Besides the rise in dual ransomware attacks, the FBI has also noted a concurrent surge in threat actors resorting to malware, data theft, and wiper tools to coerce ransomware victims into negotiation. 

How to protect yourself against dual ransomware attacks: A cybersecurity awareness guide 

To combat these threats, the FBI urges anyone with information on suspicious activity to come forward, providing specifics on time, location, affected equipment, and the nature of the incident.

“The FBI recommends organizations establish and maintain strong liaison relationships with the FBI Field Office in their region”, reads the report.

Some threat actors have been observed using two different ransomware strains within a single attack, and in some instances, initial access brokers have sold entry to two or more distinct ransomware groups, resulting in rapid successive assaults.

In cases where multiple ransomware variants are employed by the threat actors, victims are compelled to make payments to each group for data decryption and recovery, directly putting twice the pressure on the victims. 

To help network defenders thwart the adversarial use of common system and network discovery techniques, the FBI has outlined recommended mitigations in a recent Private Industry Notification.

This dual ransomware attacks trend sees ransomware assaults launched in quick succession against the same target, often deploying distinct ransomware variants like AvosLocker, Diamond, Hive Karakurt, LockBit, Quantum, and Royal. These variants are mixed and matched, resulting in a blend of data encryption, exfiltration, and extortion.

To fortify defenses against such threats, the FBI has offered a set of recommendations. These include maintaining offline backups of critical data, ensuring all backups are encrypted, scrutinizing the security measures of third-party vendors, and enforcing policies that permit only authorized programs to run.

Additionally, the FBI suggests implementing a robust recovery plan and maintaining multiple copies of sensitive information.”

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link