Three well-known ransomware gangs—Hive, LockBit, and BlackCat—concurrently targeted an unnamed automotive supplies company over 14 days, according to the whitepaper “Multiple Attackers: A Clear and Present Danger” from Sophos X-Ops.
The first two intrusions happened within two hours, while the third occurred two weeks later. Some data was triple encrypted, and each ransomware gang left its ransom demand in the ransom note.
In The Importance of Being Earnest, Oscar Wilde famously penned, “To lose one parent, Mr Worthing, may be viewed as a misfortune; to lose both seems like carelessness.” Similarly, being attacked by ransomware once may not be favourable, but three times in two weeks represents poor security.
In the past, when multiple attackers targeted the same system, the attacks typically played out over months or years. However, the attacks detailed in Sophos’ whitepaper occurred within days or weeks and, in one instance, simultaneously. Frequently, the various attackers access the target’s network through the same weak entry point.
It is typically more difficult for numerous attackers to operate simultaneously because criminal organisations fight for resources. BlackCat, the final ransomware group on the system, not only removed traces of its own activity but also deleted traces of LockBit’s and Hive’s activity.
According to Sophos, it’s uncommon for criminal organisations to cooperate. Many crypto mining and remote access trojan (RAT) exploits marketed on illicit forums boast about their capacity to “kill” other malware on the system.
Senior Threat Researcher at Sophos X-Ops Matt Wixey remarked, “Recent case studies from our MDR and RR teams help illustrate the question of how these attacks transpire; cooperation and competition among threat actors can explain the why.”
How can organisations strategically mitigate multiple attacks, with ransomware gangs joining forces to exploit networks for ransom profit?
Sophos claims multiple exploitations happen due to failure to resolve vulnerabilities and misconfigurations after the initial attack, which leaves the door open for additional attacks—this concern requires an immediate response.