Multiple Extortionists May Hijack Networks in 48 Hours

FBI Warns about New Trend in Ransomware Attacks

The Federal Bureau of Investigation (FBI) has issued a warning about a new trend in ransomware attacks. Attackers are now using multiple ransomware variants to encrypt a victim's systems within a period of only two days. The information was disclosed in a private industry notification, prompted by trends observed starting in July 2023. The FBI urges organizations to take the necessary precautions to protect themselves.

Previously, extortionists typically required at least 10 days to perform such attacks. However, the FBI has noticed an alarming rise in the number of incidents in which hackers target the same victim within a span of only 48 hours. This new approach involves the use of two separate ransomware variants in the attacks. The variants that have been identified include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. The resulting combination of data encryption, exfiltration, and financial losses has led to increased risks and damages.

In a case from last year, an automobile supplier fell victim to three separate attacks in just two months. The attacks were carried out by the LockBit, Hive, and ALPHV/BlackCat groups. After the first intrusion, while the organization was working on restoring the systems encrypted by LockBit and Hive, the ALPHV/BlackCat group gained access to the compromised devices and proceeded to steal data and encrypt files. This highlights the level of sophistication and persistence exhibited by these ransomware groups.

In light of these developments, the FBI advises organizations to establish close connections with local FBI offices, allowing for better collaboration in identifying vulnerabilities and mitigating potential threats. Furthermore, it is crucial to secure remote access solutions such as VNC and RDP. Access to them should be possible only through virtual private networks (VPNs) and granted only to authorized individuals with strong passwords and multifactor authentication (MFA) enabled.
