Federal Government Issues Royal Ransomware Warning
The U.S. government has issued a warning about an ongoing Royal ransomware attack on critical infrastructure.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released the alert to disseminate known Royal ransomware indicators of compromise (IOCs), and tactics, techniques and procedures (TTPs) identified through FBI threat response activities as recently as January.
“Since approximately September 2022, cybercriminals have compromised U.S. and international organizations with a Royal ransomware variant,” the alert said. “FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used Zeon as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million in Bitcoin. Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, health care and public healthcare (HPH), and education.”
Jamie Boote is associate software security consultant with Synopsys Software Integrity Group.
“Ransomware presents a unique crossover of the attack surface that wasn’t as noticeable when public-serving operations weren’t as networked or digitized,” he said. “Attacks like ransomware target private companies like hospitals, factories and energy companies, but end up being an attack against the American public by depriving them of these vital services. These private-target/public-impact attacks have prompted the White House to build a strategy to go beyond securing government networks and will work to secure the networks of critical infrastructure providers. By highlighting the private targets that have a public impact, such as hospitals and other public-facing providers, bulletins like these are raising awareness of the threats posed to the public. These communications and strategy announcements from the government are representative of how the government has made cybersecurity a priority, and will continue to work with private and public partners to better mitigate threats like these.”