In August of this year, the Federal Bureau of Investigation (FBI) issued a warning regarding a concerning trend affecting numerous companies across North America since July 2023. This emerging threat, known as "Dual Ransomware" attacks, entails two digital assaults targeting the same victim within a time frame spanning from 48 hours to 7 days.
To put it plainly, a dual ransomware attack occurs when a company that has already fallen victim to a file-encrypting attack is hit by a second one shortly afterwards, regardless of whether either involves double extortion. The consequences are consistent: financial losses, the illicit extraction of sensitive information, and the complete lockdown of data access.
While concrete evidence pinpointing the exact motivations behind these attacks remains elusive, security analysts suggest that various factors may be contributing to their prevalence. These factors include inadequate technical support within targeted organizations to remediate the vulnerabilities that dual ransomware exploits, misconfigurations in applications or cloud environments, and the absence of a pre-established business continuity plan to address such situations, among other potential catalysts.
According to a survey conducted by a dark web-affiliated hacking group, nearly 19 companies have fallen victim to these attacks since July 2023. Notably, two of these targeted entities were Fortune 500 companies, boasting annual revenues in the millions.
Interestingly, none of these attacks have been officially documented; they only came to light when company representatives sought assistance from freelance forensic experts to negotiate with the hackers.
The culprits behind these sophisticated digital assaults remain shrouded in mystery. However, the FBI's private industry notification has raised concerns about the involvement of various Ransomware-as-a-Service (RaaS) groups, such as Royal, Quantum, 3AM Ransomware, LockBit, Karakurt, Hive, Diamond, and Avoslocker, either directly orchestrating these attacks or having connections to the encryption code deployed on the compromised networks.
In a noteworthy revelation, Emsisoft researchers have traced the origin of dual encryption as a criminal tactic to 2020-21, coinciding with the widespread lockdowns and the surge in remote work during the COVID-19 pandemic.
The primary defense against such attacks lies in implementing robust identity and access management measures. These include enforcing strong passwords, deploying multi-factor authentication (MFA) that is resistant to phishing, and implementing time-based access controls for accounts holding administrative privileges. Additionally, conventional security practices such as keeping operating systems up to date, regularly updating antivirus solutions, securing network protocols, patching firmware vulnerabilities, disabling unused ports, and monitoring activity on Bring Your Own Device (BYOD) endpoints continue to be essential safeguards against these evolving cyber threats.
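As an added example (not from the FBI notification or this article), the following Python script correlates ransomware alerts per victim and flags a second encryption event that lands in the 48-hour to 7-day window described above, which is the signal an incident response or continuity plan should escalate on; the alert format, victim names and timestamps are constructed assumptions.

```python
"""Flag the "dual ransomware" pattern from the FBI notification: a second
encryption event on the same victim 48 hours to 7 days after the first.
Added example; the alert format and sample data are constructed."""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

MIN_GAP = timedelta(hours=48)   # closer than this: same incident, not "dual"
MAX_GAP = timedelta(days=7)     # later than this: outside the reported window

# Constructed alerts: "ISO timestamp,victim,ransomware family" (not real data)
SAMPLE_ALERTS = [
    "2023-08-01T03:12:00Z,acme-corp,Royal",
    "2023-08-04T22:40:00Z,acme-corp,3AM",    # 3d19h28m later -> dual pattern
    "2023-08-02T09:00:00Z,globex,LockBit",
    "2023-08-02T15:30:00Z,globex,LockBit",   # 6.5h later -> same incident
    "2023-08-10T11:05:00Z,initech,Hive",
    "2023-08-20T08:00:00Z,initech,Quantum",  # ~10d later -> outside window
]

def parse_alert(line: str) -> Tuple[datetime, str, str]:
    """Parse one 'timestamp,victim,family' line into typed fields."""
    ts, victim, family = (f.strip() for f in line.split(","))
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), victim, family

def find_dual_attacks(lines: List[str]) -> List[Dict[str, object]]:
    """Group alerts by victim, sort by time, and report every pair of
    encryption events whose gap falls inside [MIN_GAP, MAX_GAP]."""
    by_victim: Dict[str, List[Tuple[datetime, str]]] = {}
    for line in lines:
        ts, victim, family = parse_alert(line)
        by_victim.setdefault(victim, []).append((ts, family))

    findings: List[Dict[str, object]] = []
    for victim, events in by_victim.items():
        events.sort()
        for i, (t1, f1) in enumerate(events):
            for t2, f2 in events[i + 1:]:
                gap = t2 - t1
                if MIN_GAP <= gap <= MAX_GAP:
                    findings.append({
                        "victim": victim, "first": f1, "second": f2,
                        "gap_hours": round(gap.total_seconds() / 3600, 1),
                        "different_families": f1 != f2,  # typical of two RaaS crews
                    })
    return findings
```

In a real deployment the alert lines would come from the EDR or SIEM, and a finding should trigger the continuity plan rather than a fresh ticket, since the first incident's response is usually still under way.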