The US Federal Bureau of Investigation (FBI) has issued a Private Industry Notification highlighting two concerning trends in the world of ransomware attacks.
As of July 2023, the FBI observed a rising incidence of dual ransomware attacks on the same victim within close date proximity and a shift towards new data destruction tactics in ransomware incidents.
In these dual ransomware attacks, cyber threat actors are deploying two different ransomware variants, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum and Royal, against victim companies.
This approach combines data encryption, exfiltration and ransom payments, causing significant harm to compromised systems. The FBI warns that second ransomware attacks against already compromised entities could exacerbate the impact.
Furthermore, a troubling development observed by the FBI in 2022 involved ransomware groups using custom data theft and wiper tools to pressure victims into negotiating.
Some cases saw new code integrated into known data theft tools to evade detection. Others saw malware with data wipers lying dormant until a set time before corrupting data at intervals.
FBI Recommendations for Countering Ransomware:
Maintain offline data backups
Ensure data backups are encrypted and immutable
Review third-party vendors' security posture
Implement application listing policies for controlled execution
The FBI also advised strengthening identity and access management (IAM) by implementing multifactor authentication (MFA) and conducting audits of user accounts with administrative privileges.
The FBI further emphasized the importance of network segmentation, monitoring, and endpoint detection and response tools to detect abnormal activities. Regular updates to software, disabling unused ports and enabling security features are also recommended.
In response to these trends, organizations are encouraged to report suspicious or criminal activities to their local FBI field offices or ic3.gov. The FBI highlighted its partnership with the US Joint Ransomware Task Force (JRTF) to streamline responses and collaborate with public and private sectors in addressing the growing threat of ransomware attacks.