The FBI is warning organizations of new trends in ransomware attacks, where victims are targeted by multiple file-encrypting malware families or with wipers.
As part of this trend, which was observed in July 2023, the FBI notes in a new private industry notification, threat actors deploy two ransomware variants in close date proximity to one another.
“During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the agency notes.
The FBI says it observed different ransomware combinations being deployed in these attacks, leading to a mixture of data encryption, exfiltration, and financial losses associated with ransom payments.
The federal agency also notes that various ransomware attacks observed in 2022 were characterized by custom data theft tools, wipers, and malware, designed to pressure victims to negotiate with the attackers.
“In some cases, new code was added to known data theft tools to prevent detection. In other cases in 2022, malware containing data wipers remained dormant until a set time, then executed to corrupt data in alternating intervals,” the FBI says.
Organizations are advised to strengthen their defenses by securing all accounts with strong passwords and implementing phishing-resistant multi-factor authentication, auditing servers and cloud instances for unrecognized accounts, implementing time-based access for administrative accounts, implementing strict policies for remote access, and monitoring all external remote connections.
Furthermore, organizations should implement network segmentation, monitor all network activity and investigate abnormal behaviors, secure and monitor all remote desktop protocol (RDP) connections, use anti malware solutions, implement timely patching mechanisms, disable or restrict unused ports and services, create regular backups and store them securely, and implement recovery plans.
Additionally, the FBI encourages organizations to report all unusual or criminal activity and to establish and maintain a close relationship with local FBI offices, which can help in identifying and remediating vulnerabilities and threats.