Cybereason warns of attacks from Royal Ransomware Group

Cyber security firm Cybereason has issued a global threat alert warning public and private sector organisations about the emergence of the Royal Ransomware Group and the unique tactics, techniques and procedures they are deploying in attacks to evade detection.

It says companies should be on high alert for ransomware attacks during the holiday season and on weekends, as a recent Cybereason study shows attackers preying on vulnerable organisations, including within the heathcare sector.

The Royal Ransomware Group first emerged earlier this year, and has so far hit dozens of companies around the world. Cybereason says the group appears to be operating under the supervision of other well-known ransomware gangs, including Conti Group. It adds that the threat level from Royal attacks is high and organisations should take precautionary steps to avoid falling victim.

The report found that Royal’s approach is unusual in that it expands the concept of partial encryption, which means it has the ability to encrypt a predetermined portion of the file content and base its partial encryption on a flexible percentage encryption. This makes detection more challenging for anti-ransomware solutions. It is also a global operation and operates on its own; it does not appear to use ransomware-as-a-service or to target a specific sector or country.

Cybereason recommends a number of measures to help protect against the threat, including the implementation of a security awareness program for employees and ensure operating systems and other software are regularly updated and patched. It also urges firms to ensure key players can be reached at any time of day given the potential additional damage that can be caused when a response to an attack is delayed over holidays and weekends.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.