#StopRansomware: that is the call made by the FBI and the US cybersecurity agency CISA. Royal ransomware is claiming more and more victims in the United States and in other countries, targeting organizations and major players in a wide variety of critical sectors, such as health and education. Even though Royal seems to have emerged relatively recently, at the beginning of 2022, the scale of the attacks is in fact a major concern for the US government, heightened by uncertainties about the identity and motivations of its members.
The birth of Royal ransomware cannot be precisely dated, but the first notable attacks go back to the beginning of 2022. Zeon, a known ransomware, was used by Royal's hackers, blurring the trail to the origins of the malicious operations. From September 2022, the program turned into a unique version, which is the one the hackers now use.
After a proliferation of malicious initiatives in the public health sector, the US Department of Health and Human Services sounded the alarm, calling for national cyber defense capabilities to be reinforced.
Well-established methods
The effectiveness of the attacks carried out by the group behind Royal can be explained by the methods used. In the majority of cases, i.e. 66.7% of attempts, access to the network is gained via a phishing e-mail. Recipients of booby-trapped e-mails unwittingly install attachments or software, infecting their computers. In 13.3% of cases, the hackers favor Remote Desktop Protocol compromise: they steal login credentials that allow them to access data and software on a remote server.
Extortion, the primary objective of Royal hackers
Subsequently, the hackers demand that the victims pay large sums of money in exchange for the return of their data. According to the US government, the ransom demands made by Royal vary between 1 and 11 million dollars. However, the press release warns that it is preferable not to make these payments, since there is no guarantee that the data will actually be destroyed. These funds can also help strengthen the capabilities of the group of hackers, while encouraging other actors to use the same methods of extortion. The FBI and CISA advise victims to report incidents to the competent authorities.
Who is hiding behind Royal?
The origin of the hackers remains a mystery. The complexity of the ransomware suggests to several observers that the actors have undeniable experience, and may be linked to other groups, such as Conti, a gang of hackers close to Russia. They could thus have trained with several existing hacker groups. The majority of victims are American, but other nationalities are also affected: one of its victims was the Silverstone Circuit, one of the UK's premier motor racing venues. Finally, according to the US government agency Health Sector Cybersecurity Coordination Center, "While most known ransomware operators have done Ransomware-as-a-Service, Royal appears to be a private group with no affiliates while maintaining financial motivation as a goal."