FBI Alert: Evolving Ransomware Risks

Executive Summary

The Federal Bureau of Investigation (FBI) has issued an alert to private industry about ransomware attack trends that have emerged since July 2023.

In these attacks, perpetrators are employing a new strategy by deploying multiple strains of ransomware on victims’ networks, resulting in the encryption of systems within a remarkably short time frame, typically under 48 hours.

Notably, this approach involves the simultaneous use of two distinct variants of ransomware, leading to the encryption of data, exfiltration of sensitive information, and significant financial losses for the targeted organizations.

The FBI has also shared recommended mitigations in response to the new activity trends to help reduce the risk of attacks and protect organizations from potential harm.

FBI’s Observations

Ransomware affiliates and operators have adopted a concerning new approach, as observed by the FBI.

They are now utilizing two distinct ransomware variants concurrently in their attacks. These dual ransomware attacks involve the deployment of variants such as AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.

This strategy results in a combination of data encryption, exfiltration, and financial losses stemming from ransom payments, posing a significant threat to victim organizations.

This trend marks a departure from the past, where ransomware groups typically required a minimum of 10 days to execute such attacks.

Presently, the majority of ransomware incidents targeting the same victim occur within a remarkably short 48-hour timeframe.

To add to the complexity, ransomware gangs have introduced new code into their tools to evade detection.

Additionally, certain malware includes data-wiping functionality that remains dormant on compromised systems until a predefined time, at which point it executes and destroys data at periodic intervals.

These observations emphasize the evolving tactics and heightened risks associated with ransomware attacks in recent times.

Key highlights from the mitigations recommended by the FBI:

  • Maintain close connections with FBI Field Offices to identify vulnerabilities and mitigate threats.
  • Apply the mitigation measures outlined in the FBI’s Private Industry Notification to reduce attackers’ utilization of common system and network discovery techniques.
  • Keep all systems up to date and conduct thorough scans to identify potential backdoors or vulnerabilities.
  • Secure remote access services like VNC and RDP, restricting access through VPN with strong passwords and multi-factor authentication (MFA).
  • Implement network segmentation, isolating critical servers within VLANs for enhanced security.
  • Conduct comprehensive scans and audits across the network to identify vulnerable devices lacking necessary patches.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.