The Federal Bureau of Investigation (FBI) has released a notification that highlights two trends emerging across the ransomware environment.
The trends the FBI says it's noticed since July 2023 are:
With multiple, or dual, ransomware attacks, the FBI says cybercriminals deployed two different ransomware variants against victim companies, using the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. These variants were deployed in various combinations.
This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments. Although some of the same principles apply, these tactics are even worse than experiencing a ransomware reinfection. A second ransomware attack against an already compromised system could cause significant harm: besides making it harder to remediate and causing extra delays in getting everything back up and running, it also frustrates and discourages those working on the affected systems.
According to the FBI's data, the majority of ransomware incidents targeting the same victim take place within a 48-hour timeframe. The FBI report doesn't say anything about the possible reasons why this is happening, but there are a few we could think of.
The second trend, according to the FBI, is that multiple ransomware groups have increased the use of custom data theft, wiper tools, and malware to pressure victims to negotiate. In some cases, new code was added to known data theft tools to prevent detection. In other cases in 2022, malware containing data wipers remained dormant until a set time, then executed to corrupt data in alternating intervals.
We can safely say that these are indeed tactics that may drive a victim to the negotiation table. Having a ticking time-bomb next to your network that may wipe critical data at a certain time will leave you looking frantically for the trigger and other ways to escape the ordeal.
The FBI wants victims to notify it of an attack. If your organization has experienced a ransomware event, you should provide law enforcement agencies with the most complete reporting possible. A complaint can be filed with the Internet Crime Complaint Center (IC3).
Organizations can also contact their local FBI field office, which will ask for the following information: