Dual Ransomware Attacks on Organisations

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.

"During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants were deployed in various combinations."

Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends

Summary

The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight emerging ransomware trends and encourage organizations to implement the recommendations in the “Mitigations” section to reduce the likelihood and impact of incidents

"This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments," the agency said. "Second ransomware attacks against an already compromised system could significantly harm victim entities."

Based on Zscaler

What Is Double Extortion Ransomware?

Double extortion ransomware is a type of cyberattack in which threat actors exfiltrate a victim’s sensitive data in addition to encrypting it, giving the criminal additional leverage to collect ransom payments. A typical ransomware attack will only encrypt a victim’s data. The additional threat of exfiltration makes this attack especially dangerous for organizations in all industries.

philosophy, cybersecurity teams should implement these policies to further reduce the attack surface and mitigate the ransomware threat:

  • Enforce a consistent security policy to prevent initial compromise. With a distributed workforce, it's important to implement a secure access service edge (SASE) architecture that provides authentication and enforces consistent security policy no matter where users are working.
  • Deploy inline data loss prevention. Prevent exfiltration of sensitive information and keep data leak sites to a minimum with trust-based data loss prevention tools and policies to thwart double extortion techniques.
  • Keep software and training up to date. Apply software security patches and conduct regular security awareness training for employees to reduce vulnerabilities that can be exploited by cybercriminals.
  • Have a response plan. Prepare for the worst with cyber insurance, a data backup plan, and a response plan as part of your overall business continuity and disaster recovery program.

The Zscaler Zero Trust Exchange

Zscaler has the industry’s most comprehensive ransomware protection for your network and cloud, with protections across the ransomware attack sequence, including initial compromise, lateral movement, and data exfiltration.

Zscaler monitors 200 billion transactions per day during peak periods across its global platform, blocking threats and sharing threat intelligence with customers around the world to facilitate zero trust security. We partner with leading security providers to ensure you have coordinated visibility and response capabilities across your entire security ecosystem.


What are the two main types of ransomware?
In particular, two types of ransomware are very popular:
  • Locker ransomware. This type of malware blocks basic computer functions. ...
  • Crypto ransomware. The aim of crypto ransomware is to encrypt your important data, such as documents, pictures and videos, but not to interfere with basic computer functions.

How many ransomware attacks per second?
19 ransomware attacks
There are 1.7 million ransomware attacks every day, which means 19 ransomware attacks every second. The first half of 2022 saw nearly 236.7 million ransomware attacks worldwide.

What are the 2 types of ransomware and its function?
Unlike crypto-ransomware, locker ransomware does not encrypt files. Instead, it goes one step further and locks the victim out of their device. In these types of attacks, cybercriminals will demand a ransom to unlock the device.

Why is it called ransomware?
Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline.


What is another name for ransomware?
Ransomware may also be referred to as a crypto-virus, crypto-Trojan or crypto-worm.




