Ransomware Groups Launching Dual Attacks, Targeting Same Victims Twice in 48 Hours: FBI

Ransomware attackers are carrying out dual attacks on victims within a timeframe of 48 hours, using different malware variants, the Federal Bureau of Investigation (FBI) has warned. These targeted attacks combine data encryption, exfiltration, and financial losses from ransom payments, leaving victims exposed to significant harm. The FBI has identified several ransomware families used by these groups, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. These groups commonly target victims who have previously paid ransoms. To increase the chances of payment, ransomware groups employ custom data-theft capabilities, file wipers, and other types of malware. Some groups have added new code to existing data theft tools to avoid detection, while others use malware with dormant data wipers that corrupt data at specific intervals. These tactics put pressure on victims and expedite negotiations for ransom payment. The FBI advises organizations to implement proactive measures such as offline data backups, strong passwords, multi-factor authentication, and network segmentation to protect against ransomware attacks.