Connect with us

Hi, what are you looking for?



FBI Warns Organizations of Dual Ransomware, Wiper Attacks

The FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers.

The FBI is warning organizations of new trends in ransomware attacks, where victims are targeted by multiple file-encrypting malware families or with wipers.

As part of this trend, which was observed in July 2023, the FBI notes in a new private industry notification, threat actors deploy two ransomware variants in close date proximity to one another.

“During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal,” the agency notes.

The FBI says it observed different ransomware combinations being deployed in these attacks, leading to a mixture of data encryption, exfiltration, and financial losses associated with ransom payments.

The federal agency also notes that various ransomware attacks observed in 2022 were characterized by custom data theft tools, wipers, and malware, designed to pressure victims to negotiate with the attackers.

“In some cases, new code was added to known data theft tools to prevent detection. In other cases in 2022, malware containing data wipers remained dormant until a set time, then executed to corrupt data in alternating intervals,” the FBI says.

Organizations are advised to strengthen their defenses by securing all accounts with strong passwords and implementing phishing-resistant multi-factor authentication, auditing servers and cloud instances for unrecognized accounts, implementing time-based access for administrative accounts, implementing strict policies for remote access, and monitoring all external remote connections.

Furthermore, organizations should implement network segmentation, monitor all network activity and investigate abnormal behaviors, secure and monitor all remote desktop protocol (RDP) connections, use anti malware solutions, implement timely patching mechanisms, disable or restrict unused ports and services, create regular backups and store them securely, and implement recovery plans.

Advertisement. Scroll to continue reading.

Additionally, the FBI encourages organizations to report all unusual or criminal activity and to establish and maintain a close relationship with local FBI offices, which can help in identifying and remediating vulnerabilities and threats.

Related: CISA, FBI: Ransomware Gang Exploited PaperCut Flaw Against Education Facilities

Related: Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks

Related: New Babuk-Based Ransomware Targeting Organizations in US, Korea

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.