FBI and CISA Release Joint Advisory On The Royal Ransomware Gang

The FBI and CISA have revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.

Since approximately September 2022, cyber threat actors have compromised U.S. and international organizations with Royal ransomware. FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million USD in Bitcoin. In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note. Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a .onion URL (reachable through the Tor browser). Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, Manufacturing, Communications, Healthcare and Public Healthcare (HPH), and Education.

Frankly, that’s a staggering number. John Gunn, CEO of Token, had this comment:

It is ridiculous that organizations are left to fend for themselves. Imagine there were this many bank robberies without any action against the perpetrators – just more advice from the Feds on how to protect the bank from robbers – never. Our government needs to do more to proactively target and eliminate groups that are making US institutions their targets.

Perhaps he has a point, and maybe it’s time to go on offence, as being constantly on defence is tiring and, more importantly, isn’t stopping these groups from operating. It’s certainly food for thought.
