Dual Ransomware Threat

The FBI released a Private Industry Notification highlighting a new attack vector that used two or more ransomware variants in quick succession to exfiltrate business data. The notification stated that since July of this year, a trend has emerged of attackers deploying two different ransomware variants against the same company, causing significant damage to an already compromised business. The notification also documents new data theft and wiping tools seen since 2022.

In the past, ransomware groups would wait around ten days before a second attack. The FBI notification shows some businesses are being attacked within 48 hours of the first breach. In some cases, credentials were sold while an attack was ongoing, allowing a second hacker group to gain access and encrypt data. In these cases, the business may pay the first attacker for a decryption key only to find more encrypted data. In a similar attack last year, an automotive supplier was attacked by three different ransomware strains in two months. The incident responders found some business data encrypted up to five times.

The FBI recommends many mitigations similar to our Q-Stack. They recommend maintaining offline backups and regularly practicing backup and restoration. Review third-party vendors and their access to your business data. Follow NIST password standards, which recommend longer passwords that only change once yearly, combined with phishing-resistant multifactor authentication. Updated standards do not require frequent password changes because frequently changed passwords are more likely to develop patterns that criminals can decipher.

The notification also recommends network segmentation so criminals cannot access the entire network if they breach one user. Users should only have access to the business data they need to do their job. The notification also recommends keeping operating systems, business software, and firmware up to date so the latest patches and updates from the manufacturer protect your data.

Posted by Charles Wright