Wednesday, November 29, 2023
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Organizations Warned of Royal Ransomware Attacks

Researcher by Researcher
March 5, 2023
in Cybersecurity
0
Organizations Warned of Royal Ransomware Attacks
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert to warn organizations of the increasing threat posed by the Royal ransomware.

The Royal ransomware has been used in attacks since September 2022, targeting US and international organizations in numerous sectors, including critical infrastructure, communications, education, healthcare and public healthcare (HPH), and manufacturing.

Likely evolved from a variant that relied on the Zeon loader, Royal ransomware uses its own file encryption program, disables security protections on the infected systems, and exfiltrates large amounts of data to engage in double extortion.

The Royal ransomware operators have been observed making ransom demands ranging between $1 million and $11 million, in Bitcoin. However, they do not include ransom amounts and payment instructions in the initial ransom note, but instruct victims to contact them via a Tor website.

For initial access, Royal ransomware operators rely on phishing, remote desktop protocol (RDP), exploitation of vulnerabilities in public-facing applications, and initial access brokers, the FBI and CISA warn in their advisory.

After compromising a network, the threat actors download a variety of tools from the command-and-control (C&C) infrastructure, including Chisel for C&C communication, PsExec for lateral movement, and remote monitoring and management (RMM) software such as AnyDesk, Atera, and LogMeIn for persistence.

The Royal ransomware operators were also seen using Cobalt Strike and other malicious tools, including Ursnif/Gozi, for data harvesting and exfiltration.

The threat actors also use Windows Restart Manager to identify whether files are in use, and rely on the Windows Volume Shadow Copy service to delete shadow copies and prevent victims from restoring their data.

On infected systems, the FBI has found numerous batch files that add a new admin user, update group policies, create registry keys and execute the ransomware, monitor the encryption process, and delete files after the encryption has been completed.

Organizations are advised to implement and maintain a recovery plan that includes keeping multiple, separate backups of their data, to secure all accounts with strong and unique passwords, to implement multi-factor authentication, to implement network segmentation, to use network monitoring tools for identifying abnormal activity, to audit accounts and disable unused ports and services, and to keep all software and operating systems updated.

The FBI and CISA alert arrives roughly three months after the US Department of Health and Human Services (HHS) warned organizations in the healthcare sector of the risks associated with Royal ransomware.

Related: Cyber Insights 2023 | Ransomware

Related: Ransomware Revenue Plunged in 2022 as More Victims Refuse to Pay Up: Report

Related: Ransomware Hit 200 US Gov, Education and Healthcare Organizations in 2022



Source link

Related articles

Sentra Raises $30 Million for DSPM Technology

Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach

August 13, 2023
Minimizing Risk Through Proactive Apple Device Management: Addigy

Minimizing Risk Through Proactive Apple Device Management: Addigy

August 12, 2023
Tags: AttacksorganizationsRansomwareRoyalWarned
Share76Tweet47

Related Posts

Sentra Raises $30 Million for DSPM Technology

Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach

August 13, 2023
0

Northern Ireland’s top police officer apologized Thursday for what he described as an “industrial scale” data breach in which the...

Minimizing Risk Through Proactive Apple Device Management: Addigy

Minimizing Risk Through Proactive Apple Device Management: Addigy

August 12, 2023
0

Enterprise IT teams are struggling to cope with three major forces of change: the evolving regulatory environment, a globally dispersed...

Decipher Podcast: Katelyn Bowden and TC Johnson

Decipher Podcast: Katelyn Bowden and TC Johnson

August 12, 2023
0

Veilid main site: https://veilid.com/ Cult of the Dead Cow site: https://cultdeadcow.com/ Source link

In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack 

In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities

August 12, 2023
0

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under...

Used Correctly, Generative AI is a Boon for Cybersecurity

Used Correctly, Generative AI is a Boon for Cybersecurity

August 12, 2023
0

Adobe stock, by Busra At the Black Hat kickoff keynote on Wednesday, Jeff Moss (AKA Dark Tangent), the founder of...

Load More
  • Trending
  • Comments
  • Latest
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
Supply chain efficiency starts with securing port operations

Supply chain efficiency starts with securing port operations

March 15, 2022
Microsoft to Block Macros by Default in Office Apps

Qakbot Email Thread Hijacking Attacks Drop Multiple Payloads

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

November 28, 2023
Staying safe when shopping online this holiday season

Staying safe when shopping online this holiday season

November 28, 2023
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 28/11

November 28, 2023
North Korean Hackers Exploiting Zero-day Vulnerabilities

North Korean Hackers Exploiting Zero-day Vulnerabilities

November 28, 2023

Recent Posts

ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

ID Theft Service Resold Access to USInfoSearch Data – Krebs on Security

November 28, 2023
Staying safe when shopping online this holiday season

Staying safe when shopping online this holiday season

November 28, 2023
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 28/11

November 28, 2023

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • LetsAskBinuBlogs
  • Malware
  • Networking
  • Protection

Tags

Access attack Attacks banking BiWeekly bug Cisco cloud code critical Cyber Cybersecurity Data Digital exploited financial Fintech Flaw flaws Google Group Hackers Krebs Latest launches malware Microsoft million Network News open patches platform Ransomware RoundUp security Software Stories TFT Threat Top vulnerabilities vulnerability warns Week

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved