According to a joint advisory from the FBI and CISA, a ransomware variant known as BlackSuit is assessed to be a rebrand or offshoot of the Royal ransomware gang, a group the agencies credit with ransom demands totalling roughly $275 million since it surfaced in September 2022.

This is the latest in a run of ransomware rebrands, following BlackMatter (a derivative of DarkSide), Hunters International (believed to be a successor of Hive), and NoEscape (previously identified as Avaddon).

The likely driver is law-enforcement pressure: as attention on the Royal brand intensified, the group appears to have chosen a rebrand to keep operating on the dark web.

Over the past few months, US law enforcement, working with Interpol and police agencies worldwide, has stepped up its efforts against cybercriminal organizations: tracing operational hubs, seizing assets, conducting investigations, and examining the motivations of these groups and of the governments that may back them. Many of these groups have been linked to Russia or North Korea, while others have ties to Iran and China.

Despite these efforts, cybercriminal groups continue to proliferate and to grow more sophisticated.

The standard defensive posture is to refuse to pay and instead restore from tested, isolated backups. Backups alone do not answer double extortion, however: the attackers also exfiltrate data before encrypting it and threaten to leak or sell it on the dark web if the ransom is not paid.

Encrypting data at rest reduces the value of what is stolen, but only if the attacker does not also obtain the keys; ransomware that runs with the privileges of a legitimate user or service can usually read whatever that account can decrypt, so key management and least privilege matter as much as the encryption itself. Reporting incidents to law enforcement is also important: the agencies can correlate cases across victims, and takedowns of criminal infrastructure depend on that reporting.

Paying the ransom remains an option, but a risky one. There is no guarantee that the attackers will provide a working decryption key or delete the stolen data after payment. Vigilance, preventive controls, and cooperation with law enforcement remain the core of a robust defense against this evolving threat.

The post Blacksuit Ransomware linked to Royal Ransomware appeared first on Cybersecurity Insiders.

First is a Rapid Security Response that Apple Inc has issued for iOS, iPadOS, and macOS. The company confirmed that the update is necessary, that it patches vulnerabilities in the software that could let attackers take control of a device, and that it can be applied automatically if the device settings allow it. All users of affected devices should install the latest update without delay.

Second is the news that a Sydney cancer treatment facility has become the victim of a ransomware attack. The facility is the Crown Princess Mary Cancer Centre, part of the Sydney West Cancer Network, and government agencies are working to contain the incident on its servers.

Third is the news from the City of Dallas, where servers of the Dallas Police Department have been hit by a ransomware attack, disrupting systems used for emergency and other calls. The Royal ransomware group is said to be responsible, and the department's cyber unit is working to contain the damage and recover the data as quickly as possible.

A further alert against the Royal ransomware gang has been issued by the Indian Computer Emergency Response Team (CERT-In). According to the advisory, healthcare providers in India and across South Asia should be on guard against the file-encrypting group, which has been targeting the healthcare sector in particular. System administrators are warned to watch for phishing emails, malicious downloads, and other social engineering attacks.

Next is the news about Brightline, a pediatric healthcare provider that treats child mental health and trauma. According to sources, a breach has exposed data on roughly 783,600 people, most of them children who were Brightline patients. The breach took place on January 30, 2023; a notice has been posted on the company's website, and the investigation found that the attackers got in through a zero-day vulnerability in a third-party file transfer product (Fortra's GoAnywhere MFT).

Meta, the parent company of Facebook, Instagram, and WhatsApp, said in a press statement yesterday that its security teams have disrupted a campaign spreading the Ducktail malware and a newly identified family called NodeStealer. Meta's initial analysis found the malware being distributed through browser extensions and through fake ads run from compromised business accounts.

The post Information Security News headlines trending on Google appeared first on Cybersecurity Insiders.

CISA has issued a warning to public and private organizations about the Royal ransomware group. The advisory, released as part of the #StopRansomware campaign, includes a set of measures to strengthen defenses against such attacks.

The Royal ransomware gang has been active since September 2022 and demands ransoms of between $1 million and $11 million, payable in Bitcoin. The best protection is to apply the recommended security controls and to keep data encrypted and backed up.

The UK's NCSC has criticized Twitter's decision to withdraw SMS-based two-factor authentication for accounts not subscribed to Twitter Blue in the coming weeks. This could spell trouble, as an account protected only by a password is far easier to hijack and then use to publish scams, hate speech, or biased political statements.

The GCHQ's cyber arm is therefore urging Twitter users to switch to an alternative second factor, such as an authenticator app or a hardware security key, on top of a password manager and a strong 14-16 character password.

Third is a finding from Trend Micro on who is involved in cybercrime. According to its research, at least 30% of those active in cybercrime are women, and among those 3% are from Russia.

The figures, derived from AI-based analysis of forum profiles, also indicate that nearly half of the women identified were active participants on hacking forums.

So, in this sector at least, participation is far less male-dominated than is commonly assumed.

Fourth is the news that a public transit system in the State of Washington was hit by file-encrypting malware on February 14 of this year. Pierce Transit, which operates bus and vanpool services, suffered a ransomware attack that partially blocked customer access to its services. The LockBit ransomware group claimed the incident on February 28, 2023 and is reportedly demanding $10 million to release the data. More details are awaited.

Fifth is the news that the Australian Federal Police (AFP) have arrested a 34-year-old woman for bombarding a Federal MP's email account with more than 32,000 emails. She was arrested on March 1 of this year and appeared before Penrith Local Court on March 2, 2023, where she was granted bail under strict conditions. The next hearing is scheduled for the last week of April, when a ruling is expected.


The post Cybersecurity headlines trending on Google appeared first on Cybersecurity Insiders.

New ransomware emerges almost daily, giving the impression that the threat is a never-ending saga that keeps evolving. Royal ransomware is the latest file-encrypting malware on the prowl and, so far, has been targeting networks in the US healthcare sector in particular.

The Department of Health and Human Services has issued a warning about it and rates it a high-severity threat, based on the victims it has hit and the ransoms it has demanded and collected so far.

On average, Royal is seen demanding anywhere from $250,000 to $4 million, with the amount depending on the data it has siphoned from the victim.

A notable feature of this group is that it is made up of experienced operators from other gangs, such as Ryuk, who appear to be working for it on a freelance basis rather than under a ransomware-as-a-service model.

Beyond double extortion, the gang is reported to threaten to wipe the encrypted data from the victim's servers outright if the ransom is not paid in time.

Healthcare records command the highest prices on the dark web, so the group has every incentive to steal them: the data is profitable whether or not the victim pays.

NOTE: Ransomware is malware that encrypts the files on a victim's systems and holds them until a ransom is paid, usually in a cryptocurrency such as Bitcoin. Over time those running these operations have grown more sophisticated, introducing variants that also exfiltrate the data before encrypting it, so that it can be sold on the dark web or leaked later, and in some cases threaten to destroy the data outright.


The post Royal Ransomware is after the healthcare sector of the United States appeared first on Cybersecurity Insiders.

The first is an FBI report on the earnings of the Hive ransomware group. In a joint advisory with CISA, the FBI said the group has extorted more than $100 million from over 1,300 victims in the 15 months since June 2021. Victims include government organizations, communications companies, IT businesses, and healthcare providers.

Second is a Microsoft report on the recently discovered Royal ransomware, first observed in late summer 2022. Microsoft Security Threat Intelligence said in its latest post that the group, which it tracks as DEV-0569, has used Google Ads in one of its malware distribution campaigns, and that its victims include a well-known motor racing circuit in the United Kingdom.

Microsoft says it discovered the malvertising campaign in October of this year, with DEV-0569 redirecting users from the ads to websites that served malicious downloads.

Microsoft reported the abuse to Google early this month, and the Alphabet Inc subsidiary took steps to shut down the malicious ads without disrupting normal ad traffic.

Third is the news that the UK's COBRA meetings have lately been dominated by ransomware incidents rather than other emergencies. The Cabinet Office Briefing Room (COBR) was once convened chiefly for terrorist attacks; now the focus is increasingly on malware attacks and how they should be handled from the victims' perspective.

Ironically, the COBRA meetings were linked to the Whitehall ransomware sprint, which was supposed to conclude by December last year, with its recommendations to be discussed at the G7 meeting at the end of 2021. The government never put the sprint's findings on an actionable footing, however, and the project appears to have stalled.


The post Ransomware Attack news headlines trending on Google appeared first on Cybersecurity Insiders.