In a recent Private Industry Notification, the FBI raised the alarm over an emerging ransomware technique that sees cybercriminals deploying multiple malware strains on victim networks.
This allows them to encrypt entire systems in as little as two days, a notable escalation from the 10 days observed in previous methods.
The notification, based on observations since July, details that ransomware operators and affiliates have started using two separate malware variants in tandem to enhance the efficiency and potency of their attacks. The variants include Hive, Diamond, AvosLocker, Quantum, Royal, LockBit and Karakurt.
"This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments," reads the FBI's announcement. "Second ransomware attacks against an already compromised system could significantly harm victim entities."
It's important to note that the swift timeline of these attacks means that victims could face a second attack within 48 hours of the initial breach, significantly shortening the previous week-long wait time.
Though the technique of using double ransomware isn't new, as highlighted by BleepingComputer, its renewed prevalence is cause for growing concern.
There's an observed trend of threat actors not supplying decryption keys for both malware variants after a ransom is paid, leaving victims exposed to further extortion. Additionally, in some dire situations, the malware has been found to remain dormant on affected systems, periodically wiping data network-wide at preset intervals.
The report also mentions initial access brokers selling access to compromised networks to different ransomware affiliates. Each of these affiliates then uses its specific ransomware strain, doubling the impact on the victim's network.
The FBI has also recommended crucial mitigations: