How to safeguard against Royal ransomware increase

Royal ransomware entered the stage in 2022 and quickly became a nuisance for cyber analysts. Logpoint's research team has investigated the ransomware to uncover how analysts can detect and respond to the developing threat.

Logpoint's investigation revealed that Royal stops services and kills processes to set up the preconditions for the ransomware to detonate. Adversaries use scheduled task functionality to facilitate single or repeated execution of malicious code, launching the ransomware. The malware enumerates shared resources on the network to encrypt shared folders and deletes the volume shadow copies of the drives to prevent recovery from them.

Doron Davidson, VP Logpoint Global Services, said, "Royal stands out as a ransomware provider because it doesn't have affiliates. The ransomware uses various tactics and techniques to reach its goal, like redirecting users using Google ads, sending phishing emails, and personal interactions based on callback phishing. Despite the many ways to gain initial access, the ransomware deploys in later stages, providing organisations with an opportunity to detect it before it wreaks havoc."

To protect your organisation against Royal ransomware, Logpoint recommends monitoring the infrastructure for stopped services and killed processes, monitoring for the creation of scheduled tasks and related events using the schtasks binary, and monitoring for access to multiple shared folders in a short span from the same user and host.
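
One way to implement the last of these checks, as an added example that is not Logpoint's own detection content: a sliding-window detector that flags a user and host pair touching several distinct shares in a short span. The event tuples are constructed sample data shaped like Windows Security event 5140 records, and the 60-second window and four-share threshold are assumptions to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, source host, share), shaped like
# Windows Security event 5140 "A network share object was accessed".
# All users, hosts and shares are made up for this example.
SAMPLE_EVENTS = [
    ("2023-01-20T10:00:00", "alice", "WS-01", r"\\FS01\finance"),
    ("2023-01-20T10:09:30", "alice", "WS-01", r"\\FS01\hr"),
    ("2023-01-20T10:15:00", "bob", "WS-02", r"\\FS01\projects"),
    ("2023-01-20T10:15:05", "bob", "WS-02", r"\\FS01\projects"),
    ("2023-01-20T10:15:09", "bob", "WS-02", r"\\FS01\PROJECTS"),
    ("2023-01-20T10:15:20", "bob", "WS-02", r"\\FS01\projects"),
    ("2023-01-20T10:20:00", "carol", "WS-07", r"\\FS01\finance"),
    ("2023-01-20T10:20:04", "carol", "WS-07", r"\\FS01\hr"),
    ("2023-01-20T10:20:09", "carol", "WS-07", r"\\FS02\legal"),
    ("2023-01-20T10:20:15", "carol", "WS-07", r"\\FS02\backups"),
]


def detect_share_bursts(events, window_seconds=60, min_shares=4):
    """Alert once per (user, host) that accesses at least min_shares
    distinct shares within window_seconds. Thresholds are assumptions."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (user, host) -> deque of (time, share)
    alerted, alerts = set(), []
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ts_text, user, host, share in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        key = (user, host)
        queue = recent[key]
        # Share names are case-insensitive on Windows, so normalise them.
        queue.append((ts, share.lower()))
        # Drop accesses that have fallen out of the sliding window.
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        shares = {name for _, name in queue}
        # Repeated hits on one share do not count; only distinct shares do.
        if len(shares) >= min_shares and key not in alerted:
            alerted.add(key)
            alerts.append({"user": user, "host": host,
                           "first_seen": queue[0][0].isoformat(),
                           "shares": sorted(shares)})
    return alerts


if __name__ == "__main__":
    for alert in detect_share_bursts(SAMPLE_EVENTS):
        print(alert)
```

Repeated access to a single share (bob) and slow access to two shares (alice) stay below the default thresholds, which keeps ordinary file-server use from alerting.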

Doron added, "It's important that organisations have the right cybersecurity resources in place. Leveraging the technological advancements in cybersecurity can accelerate threat detection, investigation, and response. For example, automatic incident detection and response can improve cyber intelligence and reduce cyber risk. Investing in advance in Penetration Testing and similar cybersecurity services will reduce the need to pay for Royal’s Pentesting services."
