
Royal Ransomware: US Agencies Warn Of Rising Threat

Royal Ransomware is becoming an increasingly significant threat to critical infrastructure sectors, according to a warning released by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).

In their joint advisory, the authorities have expressed concern about the growing danger that this type of cyberattack poses.

The advisory also made clear that cybercriminals continue to use phishing emails as a very effective technique for executing attacks. In reality, phishing has been responsible for the majority of attacks that have been monitored up to this point. This emphasises the necessity for everyone to be cautious when dealing with strange emails and to watch out for possible cyberattack risks.

The Department of Health and Human Services (HHS) issued a warning stating that attackers had been using the Royal Ransomware to attack several healthcare groups in the US. This warning came from the HHS security team who let everyone know about it back in December 2022.

In addition to a list of tactics, techniques, and procedures (TTPs) linked to Royal Ransomware, the FBI and CISA disclosed indicators of compromise (IOCs) to help users identify and block attempts to get the Royal Ransomware payload into their networks.

Many people have sent their files to ID-Ransomware to determine what type of ransomware has affected them. The results indicate that a gang that targets large businesses has been very active since the end of January. This demonstrates the extent of the damage this ransomware group can inflict on its victims.

Royal Ransomware submissions (ID-Ransomware)

Don’t Pay the Ransom

According to the FBI, if you pay a ransom to cybercriminals, it could potentially encourage other cybercriminals to join in on the attacks. Experts highly recommend that victims of Royal Ransomware contact their local FBI field office or CISA and report the incident, regardless of whether they have paid a ransom or not.

Ransomware is a serious problem that’s becoming more and more common these days. It is essentially a way for cybercriminals to make a lot of money by locking up your computer or your company’s data and demanding payment in exchange for the key to unlock it. It’s a real threat to any organisation that uses technology and recovery is not always easy. In fact, sometimes it’s cheaper to just pay the ransom than to try and restore everything from a backup.

However, it’s important to remember that by paying the ransom, you are essentially supporting the criminals and their business model. This just encourages them to keep doing it and puts everyone at risk.

In February 2023, researchers confirmed that Royal Ransomware can now attack both Windows and Linux systems. Unfortunately, this nasty piece of software has already caused havoc with 19 reported attacks in January 2023 alone.

A new version of the malicious software recently appeared that can lock up Linux-based devices. It is targeting VMware ESXi-powered virtual machines.

The cybercriminals behind this scheme, who call themselves the “Royal operators”, aim to encrypt the computer systems of companies and ask for a massive amount of money to release them. The price tag for their demands can vary quite a lot, ranging from a quarter of a million dollars to tens of millions per attack.

This particular ransomware group is unique because they use social engineering to trick businesses into unwittingly installing remote access software. They do this through what’s known as callback phishing, where they pose as legitimate software providers or even food delivery companies to fool people into downloading their dodgy software. It’s a sneaky approach that sets them apart from the rest.

It’s a good idea to have backup copies of your important data stored in a separate location, away from your main system, and safe from any potential attackers. To be on the safe side, it’s also a good practice to test your backups regularly to ensure that you can quickly restore your vital business operations if something goes wrong.

Dealing with the aftermath of a ransomware attack can be a real mess! So it’s wise to have a plan in place that covers all the necessary steps you’ll need to take. This plan should include isolating the infection, keeping all stakeholders informed about what’s going on, and figuring out how to restore your systems.

Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology (none of which can spot 100% of phishing emails), you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.
