FBI And CISA Sound The Alarm Regarding Royal Ransomware, What's Up?
Cybercriminals have infiltrated US and international organizations with the Royal ransomware variant. (photo: doc. Pexels)

JAKARTA - The Royal ransomware operation has reportedly targeted many critical infrastructure sectors across the United States (US). The government has sounded the alarm regarding these attacks.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) to disseminate Royal ransomware indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through recent FBI threat response activity in January 2023.

Since September 2022, cybercriminals have been infiltrating US and international organizations with a variant of the Royal ransomware.

The FBI and CISA believe this variant uses its own file encryption program, having evolved from a previous iteration that used Zeon as a loader.

After gaining access to the victim's network, the bad actors behind Royal disable the antivirus software and extract large amounts of data before finally deploying the ransomware and encrypting the system.

They ask for a ransom ranging from around 1 million to 11 million US dollars (IDR 15.3 billion to IDR 168 billion) in Bitcoin, as quoted from the CISA website, Monday, March 6.

In the observed incidents, Royal ransomware actors did not include the ransom amount and payment instructions in the initial ransom note.

Instead, the note that appears after encryption requires the victim to interact directly with the threat actor via a .onion URL.

As of November 2022, Royal ransomware was reported as the most prolific ransomware operation, overtaking LockBit. Recent data shows Royal was responsible for at least 19 ransomware attacks in February, behind 51 attacks attributed to LockBit and 22 attacks linked to Vice Society.

Although most of Royal's victims were based in the US, one notable victim was the Silverstone Circuit, a motor racing circuit in Great Britain.

Other victims claimed by the actor include ICS, an organization that provides cybersecurity services to the US Department of Defense, the Dallas School District, and others.

According to reports, Royal ransomware actors have also targeted many critical infrastructure sectors, including Manufacturing, Communications, Health Services and Public Health Care (HPH), and Education.

Both the FBI and CISA have advised all US organizations to implement mitigations and report any ransomware incidents. And, if they can, they should refuse to pay the ransom demands.
