September 29, 2023, updated 02 Oct 2023 9:55am

Double trouble? Dual ransomware attacks could be latest cybercrime trend

By combining two different strains of the same malware, hackers are causing twice the havoc for victims.

By Claudia Glover

Dual ransomware attacks, where a gang will attack a company twice in a few hours, have been flagged by the FBI as a growing cybercrime trend. The US security agency has warned that such attacks often utilise two different strains of the same ransomware to inflict maximum damage, and can result in a combination of data encryption, exfiltration and financial losses from ransomware payments for victims.

FBI warns of dual ransomware attacks. (Photo by Dzelat/Shutterstock)

Ransomware strains being used in this way are AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. The FBI advises companies to make backups and encrypt them in order to protect themselves against this level of attack. 

The trend of dual ransomware attacks began in early 2022, the FBI believes. “Multiple ransomware groups increased use of custom data theft, wiper tools, and malware to pressure victims to negotiate” at this time, and “in some cases, new code was added to known data theft tools to prevent detection.”

In other cases in 2022, malware “containing data wipers remained dormant until a set time, then executed to corrupt data in alternating intervals”.

How businesses can protect themselves from dual ransomware attacks

The flash warning released by the FBI advises that companies ought to implement mitigatory procedures to protect themselves from such attacks. The bureau advises that companies keep detailed, regular backups and that they ensure these backups are encrypted, as backups will often be targeted during an attack.

The FBI also suggests reviewing software supply chains and the security set-up of vendors used by businesses. “Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity,” states the advisory. “Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy,” it warns. 

The law enforcement agency goes on to urge unprotected companies to document and monitor external remote connections, so that they can implement remote management and maintenance in the event of an attack, and to create a recovery plan in which multiple copies of sensitive or proprietary data and servers are kept in a place physically separate from the originals.


“The FBI further recommends organisations review and, if needed, update incident response and communication plans that list actions an organisation will take if impacted by a cyber incident,” the agency said.
