In the ever-evolving landscape of cyber threats, a new type of attack has emerged: dual ransomware attacks. This malevolent technique involves cyber criminals launching not one, but two ransomware attacks on a single target. The first attack serves as a distraction, often relatively easy to detect, while the second attack remains hidden and wreaks havoc behind the scenes. This double-edged approach presents a significant challenge to organizations, as it requires them to not only identify and respond to the initial ransomware attack but also uncover the covert second attack. The rise of dual ransomware attacks highlights the need for organizations to bolster their cybersecurity defenses and adopt a multi-layered approach to protect against sophisticated and relentless threats.
GroupSense CEO Kurtis Minder was featured in InformationWeek speaking on the trend.
Kurtis Minder, CEO of GroupSense, a digital risk protection services company, points out that LockBit has adapted its platform to deploy multiple kinds of encryption tools. “They're using a ransomware deployment platform that can deploy multiple kinds of ransomware malware at a time,” he tells InformationWeek. “So, the fact that they've just written [that] into the code I think is an indicator that we are going to continue to see it.”
It is also possible that initial access brokers are playing a role in dual attacks. It is typically considered taboo for these brokers to resell access after it has been purchased by one threat actor, according to Hilligoss. But that could be changing. “Maybe this indicates that access brokers are just selling … more freely,” he says.
Check out the full article here to learn more about how dual ransomware attacks might affect your organization.