What’s the deal with dual-threat ransomware?

Earlier this month, the FBI issued a flash alert about an increasing cybercrime trend: dual ransomware attacks, where hackers will unleash two different infiltration attempts in the space of a few hours. The goal is to inflict as much damage as possible through data encryption, exfiltration, and financial blackmail.

Hackers will even sometimes try to demand two different ransom payments for the return of two sets of data—reasoning with panicked businesses that it requires twice as much work to return data stolen via new ransomware strains like AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.

This dual-attack or double-take trend began in 2022, according to the FBI. As ransomware attacks were unleashed on multiple industries in countless international locations, hackers increased their use of specialized data theft and hard drive erasure tools to force their victims to negotiate.

In some cases, the FBI reports, savvy hackers would embed multiple layers of ransomware code into systems to stymie attempts at simply wiping a computer clean and rebooting it fresh. In others, hackers would schedule malware strains to lay dormant for days or weeks, then execute in alternating intervals and unleash devastating data corruption.

How Can Businesses Protect Themselves From Such Complex Attacks?

It starts with the most important step: detailed data backups executed regularly, then stored in multiple locations with enhanced levels of encryption. Data backups stored on local hard drives or extra computers will often be targeted by dual-attack ransomware. That’s why backups housed on redundant, off-site cloud servers are so important. In the event of a ransomware attack that infects all connected devices, having recent backups in a remote location can serve as a surefire insurance policy, giving you access to your information without paying a ransom.

Here are a few more cybersecurity strategies that CMIT Solutions recommends:

• Learn how to identify phishing attempts. Phishing is a deceptive tactic used by cybercriminals to trick individuals into divulging sensitive information, such as login credentials or financial details, or clicking on illicit links or infected attachments. A well-crafted phishing email can be nearly indistinguishable from a legitimate communication. Multi-layered email security is designed to detect and block phishing attempts before they reach your inbox, but users can also educate themselves about how to spot deceptive ploys.
• Defend against malicious attachments. Phishing emails may include files that seem harmless at first glance. But these fake shipping notifications or spoofed spreadsheets can unleash malicious code when opened, locking up data and shutting down applications as ransomware infects the entire computer. Good cybersecurity tools will scrutinize documents for malware or other malicious content before they land in your email account, quarantining anything suspicious in a sandbox and preventing the user from downloading or opening the file.
• Ensure all connections between outside vendors and external software applications are monitored and reviewed for suspicious activity. These third-party connections are often targeted first by hackers since remote access protocols can allow them to easily compromise a system. Clearly stated security policies and processes can permit only approved systems and verified users to access a network.
• Restrict access to sensitive portals or information. If you work in an industry or a location governed by regulations like HIPAA, FERPA, or GDPR, your best bet is to limit the number of employees who have access to critical data from the start. Dole out privileges only on a need-to-have or need-to-know basis to reduce the number of potential threat vectors associated with remote access protocols.
• Implement plans for recovery, continuity, and response. This is the next step beyond data backup, outlining specific steps that must be executed once infected computers are wiped clean and backed-up information is restored. Disaster recovery, business continuity, and incident response can help any business bounce back quickly from a ransomware attack, outlining communication needs and action items for every step of the process. With overlapping protections, these policies and procedures can protect against dual-attack ransomware threats.
• Give employees the training they deserve. Ransomware prevention isn’t solely achieved through complicated IT tools. Instead, it extends to the people who use them. Sophisticated social engineering tactics may try to trick specific users with personalized messages that look and seem real. Again, a request to check a shared document or open an attachment can lead to ransomware infection, so regular training and awareness programs can help your team recognize those attempts and stop them in their tracks.
• Keep software and hardware up to date. Aside from email-based attempts, ransomware can often be executed simply by taking advantage of vulnerabilities in old operating systems or outdated applications. A trusted IT provider can help you install the latest software updates and security patches during off-hours and behind the scenes of day-to-day operations to avoid any disruptions.

Ransomware threats aren’t slowing down any time soon, and these dual-attack attempts represent a new twist on the old problem. That’s why comprehensive cybersecurity protection and enhanced email security are so important. Email is the primary communication channel for individuals and businesses—and since it’s used every day, on every device, by every employee, any negative effect on it can be devastating.

At CMIT Solutions, we help clients across North America reduce the risk of malicious attacks and avoid costly ransomware infections. By prioritizing email security, you can safeguard your company’s digital identity, protect valuable data, and ensure the continued trust of your clients.

Want to know more? Concerned you’ve been struck by a dual-attack ransomware attempt? Contact CMIT Solutions today.