Sneaky Ransomware Gang Changing Tactics to Keep Winning
Royal ransomware first became known in September, and it has not slowed down at all since inception. This ransomware is being distributed by multiple threat groups, but Microsoft warns that one group is showing a “pattern of continuous innovation” to distribute and hide payloads. They are so skilled that often, it is too late, and the victim has had their network encrypted.
This ransomware operation is using unusual techniques to breach networks and encrypt them with file-locking malware. The ransomware gang is called DEV-0569 for now since their identity and origin are still unknown.
So far, we have seen Royal ransomware delivered by phishing emails. One method is by delivering a malicious attachment holding Batloader backdoor malware, which is used to download the ransomware payload. It has also been delivered via emails with links to what pose as legitimate installers and updates for commonly used business applications. When clicked, these updates install the backdoor, which is then used to deliver malware.
As Royal ransomware has evolved, more unusual techniques have been introduced including using contact forms to gain access to targets and deliver malware. We have also seen the attackers using Google ads to help deliver malware via malvertising links which allows the attackers to track the devices and users that click links. There have also been direct human operated attacks where ransomware is installed on a compromised network exploiting vulnerabilities and remote access tools, leaving them vulnerable for the Royal payloader to be installed.
The only protection against Royal ransomware and the likes of others, is to build resiliency within your organization. To do this, you need the best security solutions stack, as well as educated users. There are several security measurements you can put in place in your organization also. Not sure where to start? Let 2W Tech help. We are a technology solutions provider specializing in solutions for the manufacturing industry. Let our team of IT Consultants work with your business to ensure you are protected from outside threats.