Since at least July 2023, the FBI in the United States has been issuing warnings about a concerning new trend: simultaneous ransomware attacks targeting the same victims.

According to an FBI advisory, these dual ransomware attacks involved two distinct versions selected from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. These variants were utilized in various configurations.

[FREE E-BOOK] The Definite Blueprint for Cybersecurity in Manufacturing

While specific details regarding the scale of these attacks remain limited, they are believed to unfold swiftly—ranging from as short as 48 hours to a maximum of 10 days.

A concerning trend is the increased utilization of malware, wiper tools, and customized data theft in ransomware attacks aimed at intensifying pressure on victims to comply with ransom demands.

The agency highlighted, “This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments,” They emphasized the potentially severe impact of “Second ransomware attacks against a system that has already been compromised could significantly harm victim entities.”

Dual Ransomware Attacks

It’s essential to highlight that dual ransomware attacks have been documented as early as May 2021, indicating they’re not a recent phenomenon.

Sophos reported last year that a triple ransomware attack involving Lockbit, Hive, and BlackCat targeted an unnamed automotive supplier for a duration of two weeks in April and May 2022.

Additionally, earlier this month, Symantec disclosed specifics of a 3 AM ransomware attack targeted at an undisclosed victim. The attempt to introduce LockBit into the target network had failed, revealing the evolving tactics used by ransomware actors.

This shift in tactics is influenced by the exploitation of zero-day vulnerabilities and the emergence of initial access brokers and affiliates in the ransomware ecosystem. These entities have the ability to resell access to victim systems and rapidly deploy multiple strains, emphasizing the evolving and sophisticated nature of ransomware operations.

To enhance defence against ransomware, organizations are advised to bolster their security measures. This includes maintaining offline backups, monitoring external remote connections and remote desktop protocol (RDP) usage, implementing phishing-resistant multi-factor authentication, conducting regular audits of user accounts, and adopting network segmentation strategies.

If you’re interested in reading more articles like this, please consider following us on LinkedIn and Twitter for access to our unique and informative content.


Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

This website uses cookies to improve your online experience. By continuing, we will assume that you are agreeing to our use of cookies. For more information, visit our Cookie Policy.

Privacy Preference Center