
Royal Ransomware – How To Brace For The Sharp Increase

By Matt Williams

Logpoint research reveals what organisations should monitor to safeguard against the rapid increase in Royal ransomware attacks. The Royal ransomware group has leaked data of more than 60 victims since November 2022.

Royal ransomware entered the stage in 2022 and quickly became a nuisance for cyber analysts. Logpoint’s research team has investigated the ransomware to uncover how analysts can detect and respond to the developing threat.

“Royal stands out as a ransomware provider because it doesn’t have affiliates. The ransomware uses various tactics and techniques to reach its goal, like redirecting users using Google ads, sending phishing emails, and personal interactions based on callback phishing,” says Doron Davidson, VP Logpoint Global Services. “Despite the many ways to gain initial access, the ransomware deploys in later stages, providing organisations with an opportunity to detect it before it wreaks havoc.”

Logpoint’s investigation revealed that Royal stops services and kills processes to set up the preconditions for the ransomware to detonate. Adversaries use scheduled tasks to run malicious code once or repeatedly, which launches the ransomware. The malware enumerates shared resources on the network to encrypt shared folders and deletes the drives’ volume shadow copies to prevent recovery from them.

To protect your organisation against Royal ransomware, Logpoint recommends:

  • Monitoring the infrastructure for stopped services and killed processes
  • Monitoring for the creation of scheduled tasks and related events using the schtasks binary
  • Monitoring for access to multiple shared folders in a short span from the same user and host
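As an illustration of the third recommendation, the following added example (not Logpoint's detection content) flags a user and host pair that touches many distinct shares inside a sliding time window. The 60-second window, the threshold of five shares, the function name and the sample records are assumptions made for this sketch.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed meaning of "short span"; tune per environment
THRESHOLD = 5                   # assumed number of distinct shares that triggers an alert

# Constructed sample records (time, user, source host, share), simplified from the
# fields of Windows Security event 5140 "A network share object was accessed".
SAMPLE_EVENTS = [
    ("2023-01-30T10:00:00", "alice", "WS-014", r"\\FS01\finance"),
    ("2023-01-30T10:00:05", "alice", "WS-014", r"\\FS01\finance"),
    ("2023-01-30T10:00:15", "alice", "WS-014", r"\\FS01\hr"),
    ("2023-01-30T10:00:00", "bob", "WS-030", r"\\FS01\finance"),
    ("2023-01-30T10:03:00", "bob", "WS-030", r"\\FS01\hr"),
    ("2023-01-30T10:06:00", "bob", "WS-030", r"\\FS02\legal"),
    ("2023-01-30T10:09:00", "bob", "WS-030", r"\\FS02\engineering"),
    ("2023-01-30T10:12:00", "bob", "WS-030", r"\\FS03\archive"),
    ("2023-01-30T10:05:00", "jdoe", "WS-022", r"\\FS01\finance"),
    ("2023-01-30T10:05:03", "jdoe", "WS-022", r"\\FS01\hr"),
    ("2023-01-30T10:05:06", "jdoe", "WS-022", r"\\FS02\engineering"),
    ("2023-01-30T10:05:09", "jdoe", "WS-022", r"\\FS02\legal"),
    ("2023-01-30T10:05:12", "jdoe", "WS-022", r"\\FS03\backups"),
    ("2023-01-30T10:05:15", "jdoe", "WS-022", r"\\FS03\archive"),
]

def detect_share_sweeps(events, window=WINDOW, threshold=THRESHOLD):
    """Alert once per (user, host) that touches >= threshold distinct shares within window."""
    recent = defaultdict(deque)  # (user, host) -> deque of (timestamp, share) inside the window
    alerted, alerts = set(), []
    for ts_raw, user, host, share in sorted(events, key=lambda e: e[0]):
        ts, key = datetime.fromisoformat(ts_raw), (user, host)
        queue = recent[key]
        queue.append((ts, share.lower()))       # share names are case-insensitive
        while ts - queue[0][0] > window:        # drop accesses older than the window
            queue.popleft()
        distinct = {name for _, name in queue}  # repeat hits on one share count once
        if len(distinct) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"user": user, "host": host,
                           "window_start": queue[0][0].isoformat(),
                           "shares": sorted(distinct)})
    return alerts

if __name__ == "__main__":
    for alert in detect_share_sweeps(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct shares rather than raw accesses keeps a user who repeatedly opens one folder, or who visits several folders over a working day, below the threshold.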

“It’s important that organisations have the right cybersecurity resources in place,” says Doron Davidson. “Leveraging the technology advancements in cybersecurity can accelerate threat detection, investigation, and response. For example, automatic incident detection and response can improve cyber intelligence and reduce cyber risk. Investing in advance in Penetration Testing and similar cybersecurity services will reduce the need to pay for Royal’s Pentesting services.”

Read Logpoint’s blog post about Royal ransomware here.
