Executive Summary
The Federal Bureau of Investigation (FBI) has issued an alert to private industry regarding emerging ransomware attack trends observed since July 2023.
In these attacks, perpetrators are employing a new strategy by deploying multiple strains of ransomware on victims’ networks, resulting in the encryption of systems within a remarkably short time frame, typically under 48 hours.
Notably, this approach involves the simultaneous use of two distinct variants of ransomware, leading to the encryption of data, exfiltration of sensitive information, and significant financial losses for the targeted organizations.
The FBI has also shared recommended mitigations in response to the new activity trends to help reduce the risk of attacks and protect organizations from potential harm.
FBI’s Observations
Ransomware affiliates and operators have adopted a concerning new approach, as observed by the FBI.
They are now utilizing two distinct ransomware variants concurrently in their attacks. These dual ransomware attacks involve the deployment of variants such as AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.
This strategy results in a combination of data encryption, exfiltration, and financial losses stemming from ransom payments, posing a significant threat to victim organizations.
This trend marks a departure from the past, when ransomware groups typically required a minimum of 10 days to carry out a second attack against the same victim.
Presently, the majority of these repeat incidents against the same victim occur within a remarkably short 48-hour timeframe.
To add to the complexity, ransomware gangs have introduced new code into their tools to evade detection.
Additionally, certain malware includes data-wiping functionality that remains dormant on compromised systems until a predefined time, at which point it executes and destroys data at periodic intervals.
These observations emphasize the evolving tactics and heightened risks associated with ransomware attacks in recent times.
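The 48-hour window is the observation defenders can operationalize: two different ransomware families appearing in one environment that close together is the signature of the dual-variant pattern described above. The following correlation logic is an added example (not part of the FBI notification); it assumes EDR or AV alerts that already carry a ransomware family name, and the alert records below are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real incident data). Each record is an
# endpoint detection that already names the ransomware family involved.
SAMPLE_ALERTS = [
    {"ts": "2023-09-01T02:10:00", "org": "acme",   "host": "fs01", "family": "LockBit"},
    {"ts": "2023-09-01T02:12:00", "org": "acme",   "host": "fs02", "family": "LockBit"},
    {"ts": "2023-09-02T21:40:00", "org": "acme",   "host": "db01", "family": "Royal"},
    {"ts": "2023-09-10T08:00:00", "org": "globex", "host": "ws11", "family": "Hive"},
    {"ts": "2023-09-25T09:00:00", "org": "globex", "host": "ws12", "family": "AvosLocker"},
]

WINDOW = timedelta(hours=48)  # the time frame the FBI reports for dual attacks


def find_dual_ransomware(alerts, window=WINDOW):
    """Return {org: [(earlier_family, later_family, gap), ...]} for every pair
    of alerts in the same organisation that name different ransomware families
    and fall within `window` of each other. Same-family repeats are ignored:
    the signal is a second, distinct variant, not a second alert."""
    by_org = defaultdict(list)
    for a in alerts:
        by_org[a["org"]].append((datetime.fromisoformat(a["ts"]), a["family"]))

    findings = {}
    for org, events in by_org.items():
        events.sort()  # chronological, so the sliding window only looks back
        recent = []    # earlier (ts, family) pairs still inside the window
        for ts, fam in events:
            recent = [(t, f) for t, f in recent if ts - t <= window]
            for t, f in recent:
                if f != fam:
                    findings.setdefault(org, []).append((f, fam, ts - t))
            recent.append((ts, fam))
    return findings


if __name__ == "__main__":
    for org, hits in find_dual_ransomware(SAMPLE_ALERTS).items():
        for earlier, later, gap in hits:
            print(f"{org}: {earlier} followed by {later} after {gap}")
```

In the sample data only "acme" is flagged (LockBit followed by Royal about 43.5 hours later); the two "globex" families are 15 days apart and fall outside the window.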
FBI’s Recommended Mitigations
Key highlights from the mitigations recommended by the FBI:
- Maintain close connections with FBI Field Offices to identify vulnerabilities and mitigate threats.
- Apply the mitigation measures outlined in the FBI’s Private Industry Notification to reduce attackers’ utilization of common system and network discovery techniques.
- Keep all systems up to date and conduct thorough scans to identify potential backdoors or vulnerabilities.
- Secure remote access services like VNC and RDP, restricting access through VPN with strong passwords and multi-factor authentication (MFA).
- Implement network segmentation, isolating critical servers within VLANs for enhanced security.
- Conduct comprehensive scans and audits across the network to identify vulnerable devices lacking necessary patches.