Forget about a single ransomware attack where one hacker or a hacking group targeted a network, infected it with ransomware and demanded ransom to decrypt the data hijacked. Get ready for multiple ransomware attacks on the same network, one after the other, using the same vulnerable door to enter the network.
Hackers have stepped up the attacks by launching well-orchestrated attacks where more than one hacker or hacking group targets a network, encrypts the data more than once and poses multiple ransom demands to release the data.
This could make the process of reclaiming the data more cumbersome.
Cybersecurity experts have found instances where at least three hacking groups - Hive, LockBit and BlackCat - launched consecutive attacks on the same network.
“The first two attacks took place within two hours, and the third attack took place two weeks later. Each ransomware gang left its own ransom demand, and some of the files were triple encrypted,” cybersecurity solutions firm Sophos has said, referring to one particular example.
It seems there is no overt enmity or antagonism between the ransomware groups. They don’t mind working together in launching coordinated attacks on the same networks.
“It’s bad enough to get one ransomware note, let alone three,” said John Shier, senior security advisor at Sophos.
In a whitepaper on ‘Multiple Attackers: A Clear and Present Danger,’ the firm said multiple attackers can create a whole new level of complexity for recovery, particularly when network files are triple encrypted.
It felt that prevention, detection and response are very critical for organisations of any size and type to secure their data, given that attacks can cause severe losses. No business is immune.
The report also cites examples of ‘overlapping cyberattacks’, which include cryptominers, remote access trojans (RATs) and bots.
In the past, when multiple attackers have targeted the same system, the attacks usually occurred across many months or multiple years. Some attacks now are happening within days or weeks of each other. In one case, attacks occurred simultaneously.
“We don’t have evidence of collaboration, but it’s possible this is due to attackers recognising that there are a finite number of ‘resources’ in an increasingly competitive market,” Shier said.
“Perhaps, they’re having discussions at a high level, agreeing to mutually beneficial agreements, for example, where one group encrypts the data and the other exfiltrates,” he pointed out.
“While the rise in multiple attackers is still based on anecdotal evidence, the availability of exploitable systems gives cybercriminals ample opportunity to continue heading in this direction,” the report said.
August 13, 2022