Royal ransomware is continuing to be used in aggressive cyberattacks against critical infrastructure. As previously reported, the group poses a significant threat to the healthcare sector.
Actions to take today to mitigate cyber threats from ransomware:
- Prioritise remediating known exploited vulnerabilities.
- Train users to recognize and report phishing attempts.
- Enable and enforce multifactor authentication.
To help organizations mitigate risk, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory (CSA) about the variant, providing the most comprehensive overview of the group’s tactics to date.
Since September 2022, cyber threat actors have leveraged the Royal and its custom-made file encryption program to gain access to victim networks and request ransoms ranging from $1 million to $11 million, CISA and the FBI found.
The healthcare sector has been particularly hard hit by Royal ransomware attacks, with several hospitals and healthcare providers falling victim to these attacks in recent years. These attacks have caused significant disruptions to patient care and have put lives at risk. Similarly, the manufacturing and communications industries have also been targeted by Royal ransomware attacks, which have caused significant disruption to operations and have resulted in the loss of sensitive data.
The FBI and CISA's joint release highlights the seriousness of the threat posed by the Royal ransomware and the need for organizations to take proactive measures to protect themselves against these attacks. This includes implementing robust cybersecurity measures, such as regular software patching, network monitoring, and user awareness training. It also means working closely with law enforcement agencies and other stakeholders to share information and collaborate on cybersecurity initiatives.
However, while these measures are essential, they are not sufficient on their own. Organizations must also take a broader view of cybersecurity and recognize that it is not just a technical issue, but also a business issue. This means ensuring that cybersecurity is integrated into all aspects of the organisation, from governance and risk management to compliance and vendor management.
The FBI and CISA also recommended that network defenders implement key mitigations aligned with CISA’s Cybersecurity Performance Goals (CPGs), which were released in October 2022.
Specifically, the authoring entities recommended that critical infrastructure organizations implement a strong recovery plan, require multi-factor authentication (MFA), segment networks, and keep all operating systems up to date.
Lastly, the FBI and CISA reminded entities that they do not encourage paying a ransom to threat actors, “as payment does not guarantee victim files will be recovered.”
“Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”
The summary of the FBI’s and CISA's joint release on the continued use of the Royal ransomware in aggressive cyberattacks against critical infrastructure highlights the ongoing threat posed by cybercrime to organisations and 2023 still remains a tough environment for Cyber defenders and authorities.
