The US Federal Bureau of Investigation (FBI) has issued a Private Industry Notification highlighting two concerning trends in the world of ransomware attacks.
As of July 2023, the FBI observed a rising occurrence of dual ransomware attacks on the same victim in close date proximity and a shift towards new data destruction tactics in ransomware incidents.
In these dual ransomware attacks, cyber threat actors deploy two different ransomware variants against the same victim company. The variants involved include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum and Royal.
This approach combines data encryption, exfiltration and ransom payments, causing significant harm to compromised systems. The FBI warns that second ransomware attacks against already compromised entities could exacerbate the impact.
Moreover, a troubling development observed by the FBI in 2022 involved ransomware groups employing custom data theft and wiper tools to pressure victims into negotiating.
In some cases, new code was integrated into known data theft tools to evade detection. In others, malware containing data wipers lay dormant until a set time and then corrupted data at intervals.
FBI Recommendations for Countering Ransomware:
- Maintain offline data backups
- Ensure data backups are encrypted and immutable
- Review third-party vendors' security posture
- Implement application allowlisting policies so that only approved programs can execute
The FBI also advised strengthening identity and access management (IAM) by enforcing multifactor authentication (MFA) and conducting audits of user accounts with administrative privileges.
The FBI further emphasized the importance of network segmentation, monitoring, and endpoint detection and response tools to detect abnormal activities. Regularly updating software, disabling unused ports and enabling security features are also recommended.
In response to these trends, organizations are encouraged to report suspicious or criminal activities to their local FBI field offices or ic3.gov. The FBI highlighted its partnership with the US Joint Ransomware Task Force (JRTF) to streamline responses and collaborate with public and private sectors in addressing the growing threat of ransomware attacks.