FBI Dual ransomware attack victims now get hit within 48 hours

The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days.

The FBI's warning comes in the form of a Private Industry Notification prompted by trends observed starting July 2023.

The federal law enforcement agency explains that ransomware affiliates and operators have been observed using two distinct variants when targeting victim organizations. Variants used in these dual ransomware attacks include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.

"This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments," the FBI said.

"Second ransomware attacks against an already compromised system could significantly harm victim entities."

In contrast to the past, when ransomware groups typically required a minimum of 10 days to execute such attacks, now the vast majority of ransomware incidents targeting the same victim take place within a mere 48-hour timeframe of each other, according to the FBI's data.

Coveware CEO and co-founder Bill Siegel also told BleepingComputer that double encryption has been a thing for years, with some companies facing re-extortion as the threat actor does not provide decryptors for both ransomware attacks.

"There are some threat actor groups that intentionally use two different variants on every attack. For instance, we regularly see MedusaLocker and GlobeImposter used at the same time by the same threat actor on a single victim," Siegel said.

"Situations where the initial access broker sells access to the network to two different ransomware affiliates that use different brands of ransomware. Both affiliates are then in the network, impacting machines in close time proximity to each other."

Additionally, the FBI says that, starting in early 2022, multiple ransomware gangs have begun adding new code to their custom data theft tools, wipers, and malware to evade detection.

In other incidents, malware containing data-wiping functionality was configured to remain dormant on compromised systems until a predetermined time. At that point, it would execute to destroy data on targets' networks at periodic intervals.

In one such attack that started last year in April, an automotive supplier was breached three times by LockBit, Hive, and ALPHV/BlackCat affiliates within just two months, according to Sophos X-Ops incident responders.

While the victim organization was busy restoring systems encrypted with LockBit and Hive ransomware after the first breach, an ALPHV/BlackCat affiliate connected to previously compromised devices to steal data and, once again, lock files with their own encrypter.

To make things even worse, the incident responders discovered that some of the victim's files had been encrypted up to five times.

"Because the Hive attack started 2 hours after Lockbit, the Lockbit ransomware was still running, so both groups kept finding files without the extension signifying that they were encrypted," the Sophos team said.

The FBI advises organizations to maintain close connections with FBI Field Offices in their region. These relationships will allow the FBI to aid with the identification of vulnerabilities and the mitigation of potential threat-related activities.

Network defenders are also advised to apply mitigation measures included in the FBI's Private Industry Notification published on Thursday to limit the attackers' use of common system and network discovery techniques and reduce the risk of ransomware attacks.

They're urged to keep all systems up to date and conduct thorough scans of their infrastructure to identify potential backdoors or vulnerabilities introduced by the attackers as failsafes that would enable them to regain access to the network if their access is blocked.

Defenders should also secure services like VNC, RDP, and other remote access solutions accessible from external sources. Access should be restricted solely through VPN and exclusively granted to accounts with strong passwords and enforced multi-factor authentication (MFA).

Another recommended practice includes network segmentation, where critical servers are isolated within VLANs to enhance security. Furthermore, conducting comprehensive scans and audits across the entire network is crucial to identifying devices vulnerable to exploitation due to a lack of necessary patches.

Copyright 2003-2023 Bleeping Computer LLC. All Rights Reserved.
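As an added example that is not part of the article or the FBI notice, the following Python takes constructed EDR alerts and flags hosts where two distinct ransomware families appear within the 48-hour window the FBI describes, and parses stacked file extensions to expose the layered encryption the Sophos responders found; the alert data and the extension-to-family map are assumed placeholders.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts, not data from the article or the FBI notice:
# (host, ISO timestamp, ransomware family attributed by the EDR/AV alert).
SAMPLE_ALERTS = [
    ("fileserver01", "2023-07-10T02:15:00", "LockBit"),
    ("fileserver01", "2023-07-10T04:20:00", "Hive"),     # second family, ~2h later
    ("fileserver01", "2023-07-10T06:00:00", "LockBit"),  # same family again: ignored
    ("erp02", "2023-07-12T11:00:00", "Royal"),
    ("erp02", "2023-07-20T11:00:00", "Quantum"),         # 8 days apart: outside window
    ("hr03", "2023-07-13T01:00:00", "AvosLocker"),
]

WINDOW = timedelta(hours=48)  # the FBI's observed gap between the two deployments

def find_dual_ransomware(alerts, window=WINDOW):
    """Map host -> [(family_a, family_b, gap_hours), ...] for hosts where two
    distinct families were seen within `window`; same-family repeats are ignored
    and each unordered family pair is reported once, at its earliest occurrence."""
    by_host = defaultdict(list)
    for host, ts, family in alerts:
        by_host[host].append((datetime.fromisoformat(ts), family))
    findings = {}
    for host, events in by_host.items():
        events.sort()
        seen = {}
        for i, (t_a, fam_a) in enumerate(events):
            for t_b, fam_b in events[i + 1:]:
                if t_b - t_a > window:
                    break  # events are sorted, so later ones are further away
                key = frozenset((fam_a, fam_b))
                if fam_a != fam_b and key not in seen:
                    seen[key] = (fam_a, fam_b, round((t_b - t_a).total_seconds() / 3600, 1))
        if seen:
            findings[host] = list(seen.values())
    return findings

# Assumed placeholder map of appended extension -> family; real extensions vary per build.
EXT_FAMILY = {"lockbit": "LockBit", "hive": "Hive"}

def encryption_layers(filename, ext_family=EXT_FAMILY):
    """Families whose extensions are stacked on the name, innermost (first encryptor)
    first: 'q3.xlsx.lockbit.hive' -> ['LockBit', 'Hive']."""
    parts = filename.lower().split(".")
    layers = []
    while parts and parts[-1] in ext_family:
        layers.append(ext_family[parts.pop()])
    return layers[::-1]
```

Counting layers per file across a restored share gives responders a quick measure of how many encryptors ran before recovery began, which decides how many decryptors are actually needed.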