A right Royal ransomware

There is a new type of ransomware called “Royal” being distributed by multiple threat groups across the UK. They are extremely successful at penetrating networks using innovative and persuasive techniques.

The attackers are using Google ads and search results combined with fake, but legitimate-looking, software download sites to trick users into downloading the malware. They are also using contact forms on business websites, emails, fake forum comments and blog posts. They point to the same malicious files and are having more success than other similar attacks.

Microsoft Security Threat Intelligence has described Royal as “showing a pattern of continuous innovation, with regular incorporation of new discovery techniques, defence evasion, and various post-compromise payloads, alongside increasing ransomware facilitation.”

Ransomware is a form of malware (short for “malicious software”) where a file typically delivered over a network, is designed to deny your business access to files and systems. The cyber attackers encrypt your data and offer the decryption key in return for a ransom payment. This can be hundreds of thousands, if not millions of pounds. Typically, ransoms are requested in a cryptocurrency such as Bitcoin so they can’t be traced. Even if you pay, there is still no certainty that the attackers will ever hand over the decryption key to you. Their intent is to wreak havoc, not strike deals.

Why is Royal ransomware more dangerous than other ransomware?
Rather than trying to access your network through vulnerabilities in your servers or firewalls, the attackers are tricking people (your employees) into downloading files that give them access to your network.

Usually, Anti Spam, Anti Malware, Web Protection and Firewalls will detect and block an attack. With this method and the way they are adapting their approach, it gives them unrestricted access across your entire network with zero warning that an attack is underway.

What can I do to defend my business against Royal ransomware?

Knowledge is power
The most vulnerable aspect of your business is your staff. Unless you communicate the importance of this threat, they are your weakest line of defence. Stress the importance of a “think before you click” approach to everything – websites, links in emails, pdfs. Everything that has a link COULD be a threat.

Royal relies upon tricking humans, the most effective action you can take is to advise all of your employees to act with extra vigilance when opening emails and surfing the internet.

• Anti Spam will block emails that contain a potential link to the malicious software
• Web Protection will block users from reaching fake download sites
• Anti-Malware will detect malicious software appearing on your systems
• Cloud backup and disaster recovery will enable you to recover from an attack

The most important point with Royal is that the approach is being continually adapted and the best defence is to have employees that are vigilant and physically prevented from downloading software.

Be prepared
Do you know how you will operate if you get locked out of all your systems? Do you have a disaster recovery plan? Have you tested your backups can be restored?

If the answer no to any of these questions is no, please get in touch.