
Indian Critical Sectors Are Under Attack from the "Royal Ransomware" Virus, Warns CERT-In



The Indian Computer Emergency Response Team (CERT-In) has warned individuals and organisations in India about the Royal Ransomware virus.


This malicious programme targets individuals as well as essential infrastructure sectors including manufacturing, communications, healthcare, and education. It encrypts their files and requests payment in Bitcoin in order to prevent the release of personal information to the public.


The Royal Ransomware virus spreads through phishing emails, malicious downloads, abuse of RDP (Remote Desktop Protocol), and other forms of social engineering, according to the CERT-In report. The US government had already issued advisories against the spread of this virus by the time it was first discovered in January 2022 and started to become active around September of the previous year.


The report further disclosed that callback phishing involves threat actors using a variety of techniques to trick users into installing remote access malware. Once the system has been infected, the virus encrypts the files and deletes shadow copies to make it impossible to recover them.


The Royal Ransomware virus contacts the victim directly via a .onion URL (reachable through a dark web browser), so it doesn't reveal information like the ransom amount or any instructions. Additionally, the malware gains access to the domain controller, exfiltrates a sizable amount of data before encryption, and disables antivirus protocols.


CERT-In has suggested a set of countermeasures and internet hygiene guidelines to protect against this and similar ransomware attacks. These precautions include keeping backup data offline, frequently maintaining backup and restore processes, enabling protected files in Windows, blocking remote desktop connections, utilising least-privileged accounts, and restricting the number of users who can access resources via remote desktop.


Other best practices include keeping anti-virus software up to date on computer systems, avoiding clicking on links in unsolicited emails, and ensuring that all backup data is encrypted, immutable (cannot be changed or deleted), and covers the entire organization's data infrastructure.


People and organizations should exercise caution and take the appropriate safety measures to protect themselves from this deadly virus. By following the suggested rules, you can help prevent data loss and lower your chances of suffering financial and reputational harm.
