Royal Ransomware Attacks Still on the Rise
We have been warning against Royal ransomware for some time now, but unfortunately, it is still on the rise. Last week, the FBI and the US Cybersecurity Agency (CISA) issued a joint advisory, stating that Royal ransomware has claimed multiple victims globally and across multiple vertical markets. This ransomware gang was first observed in early 2022.
It evolved from relying on third-party ransomware to now deploying its own custom ransomware in attacks the last several months. After this malware is deployed, it gains access to victims’ networks, usually vis phishing links containing a malware downloader called Royal actors. Royal actors work to disable antivirus software and exfiltrate substantial amounts of data before deploying the ransomware that encrypts the system.
Royal ransomware is the most prolific ransomware operation to date, overtaking Lockbit a few months ago. Royal ransomware was responsible for at least nineteen ransomware attacks last month alone. According to the US government’s advisory, ransom demands made by Royal vary from $1 million to $11 million.
“In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note,” CISA and the FBI warned. “Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a. onion URL,” referring to Royal’s sites on the dark web.
Organizations are being warned against paying the ransomware if they were to fall victim of a ransomware attack.
The best thing you can do for your organization is to educate yourself on the several types of ransomware attacks out there and the most common security breach points. Then, work with a security expert like 2W Tech to review your security posture and security solutions stack to ensure you have the best protection in place to thwart off an outside attack.
2W Technologies Recognized on CRN’s 2023 MSP 500 List for Fourth Consecutive Year