U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities

U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities

Mar 03, 2023Ravie LakshmananEndpoint Security / Ransomware




The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year.


"After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems," CISA said.


The custom ransomware program, which has targeted U.S. and international organizations since September 2022, is believed to have evolved from earlier iterations that were dubbed Zeon.

What's more, it's said to be operated by seasoned threat actors who used to be part of Conti Team One, cybersecurity company Trend Micro disclosed in December 2022.


The ransomware group employs call back phishing as a means of delivering their ransomware to victims, a technique widely adopted by criminal groups that splintered from the Conti enterprise last year following its shutdown.


Other modes of initial access include remote desktop protocol (RDP), exploitation of public-facing applications, and via initial access brok ..

Support the originator by clicking the read the rest link below.