
What Is Royal Ransomware? CERT-In Warns Organisations Against Attacks Targeting Critical Infrastructure

Royal ransomware uses a specific approach to encrypt files depending on the size of the content.


The 'Cyber Swachhta Kendra' (CSK) operated by the Indian Computer Emergency Response Team (CERT-In) has issued a warning about the "Royal ransomware".


It targets critical sectors like communications, healthcare, education, etc., as well as individuals. The ransomware demands payment in Bitcoin to prevent personal data from being released to the public. To stay safe, it is important to understand what Royal ransomware is, how it can affect you, and what safety measures you can take to protect yourself.

What Is Royal Ransomware?

Royal ransomware first came to light back in September 2022 and has been wreaking havoc across the world since. It is an especially aggressive ransomware variant: its threat actor group does not use the Ransomware-as-a-Service business model and attacks victims indiscriminately, regardless of sector or country.

Its victims number more than 70 organizations worldwide, most notably in critical infrastructure sectors in the United States and Brazil. The threat actors behind it employ the double extortion method, which involves stealing as well as encrypting their victims' data.

Royal ransomware is aggressively advancing and infiltrating high-risk systems in many vulnerable countries. Appropriate countermeasures should be taken swiftly and on a global level, both to prevent further spread and to mitigate existing infections.

Why Is CERT-In Worried About It?

The Indian Computer Emergency Response Team (CERT-In) recently issued a warning against “Royal ransomware,” which has been attacking critical sectors such as healthcare, communications, and education since it was first detected in January 2022.

This virus enters computer systems through phishing emails, malicious downloads, and other forms of social engineering intended to lure unsuspecting users into downloading potentially harmful software. The ransomware also spreads quickly via Remote Desktop Protocol (RDP) connections.

This type of malware is particularly dangerous because it demands a payoff in Bitcoin in exchange for not leaking personal data into the public domain. It can have far-reaching effects on large organizations and individuals alike, so it is important to take the necessary precautions to safeguard devices from this threat.

All users should be cautious while clicking links or downloading attachments from suspicious email accounts, and external devices with unknown origins should never be connected to the company’s network.

How To Protect Yourself From Royal Ransomware

According to the Cyber Swachhta Kendra, there are a few things that you can do. Check the official website to know more about Royal ransomware.

  • It is recommended to keep offline backups of data and regularly perform backup and restoration to prevent significant disruptions and irretrievable data loss for the organization.

  • It is recommended to encrypt backup data and make it immutable, covering the entire organization's data infrastructure.

  • It is recommended to use strong and unique passwords for all accounts with password logins, including service accounts, admin accounts, and domain admin accounts, so that these accounts are properly protected.

  • It is recommended to apply multi-factor authentication to all available services, especially those that involve webmail, virtual private networks, and accounts with access to critical systems.

  • Limit access to administrative shares