The US Cybersecurity and Infrastructure Security Agency (CISA) published a new advisory earlier this week warning organizations of the Royal Ransomware group. The Royal Ransomware group is believed to use its own custom-made file encryption program in its attacks, the CISA says. The FBI also collaborated on the advisory, which is designed to advise organizations and individuals of the tactics, techniques, and procedures used by Royal ransomware variants.
The advisory was prompted by what the Cybersecurity Advisory says is recent malicious activity by threat actors using a particular malware variant on the authorities’ radar since September. The threat actors gain initial access via phishing messages and remote desktop protocol. Once access is achieved, the threat actors disable antivirus software on victims’ machines and exfiltrate data. The FBI and CISA believe that the group has made over $1 million in Bitcoin to date.
Read More: CISA Warns Against Royal Ransomware in New Advisory