
How to safeguard against Royal ransomware increase

Royal ransomware entered the stage in 2022 and quickly became a nuisance for cyber analysts. Logpoint's research team has investigated the ransomware to uncover how analysts can detect and respond to the developing threat.

Logpoint's investigation revealed that Royal stops services and kills processes to set up the preconditions for the ransomware to detonate. Adversaries use scheduled task functionality to facilitate single or repetitive execution of malicious code, launching the ransomware. The malware enumerates shared resources on the network to encrypt shared folders and deletes the drives' volume shadow copies to prevent recovery from them.

Doron Davidson, VP Logpoint Global Services, said, "Royal stands out as a ransomware provider because it doesn't have affiliates. The ransomware uses various tactics and techniques to reach its goal, like redirecting users using Google ads, sending phishing emails, and personal interactions based on callback phishing. Despite the many ways to gain initial access, the ransomware deploys in later stages, providing organisations with an opportunity to detect it before it wreaks havoc."

To protect your organisation against Royal ransomware, Logpoint recommends monitoring the infrastructure for stopped services and killed processes, monitoring for the creation of scheduled tasks and related events using the schtasks binary, and monitoring for access to multiple shared folders in a short span from the same user and host.
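The third recommendation, many shared folders touched in a short span by one user and host, can be expressed as a sliding-window count of distinct shares. The sketch below is an added example, not Logpoint's detection content; the thresholds, field layout and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: the article gives no numbers for "multiple" or "short span".
WINDOW = timedelta(seconds=60)
MIN_DISTINCT_SHARES = 5

# Constructed events: (timestamp, user, source host, share path).
SAMPLE_EVENTS = (
    # Two shares, forty minutes apart.
    [("2023-01-10T09:00:00", "alice", "WS-014", r"\\FS01\finance"),
     ("2023-01-10T09:40:00", "alice", "WS-014", r"\\FS01\hr")]
    # One share opened eight times: noisy, but a single distinct share.
    + [(f"2023-01-10T10:00:0{i}", "bob", "WS-030", r"\\FS01\public") for i in range(8)]
    # Five shares spread over eight minutes.
    + [(f"2023-01-10T11:0{2 * i}:00", "carol", "WS-041", rf"\\FS02\team{i}") for i in range(5)]
    # Six distinct shares in ten seconds from one user and host.
    + [(f"2023-01-10T12:00:{2 * i:02d}", "dave", "WS-022", rf"\\FS0{i % 2 + 1}\dept{i}") for i in range(6)]
)


def find_share_bursts(events, window=WINDOW, min_shares=MIN_DISTINCT_SHARES):
    """Return one alert per (user, host) pair that accesses at least
    min_shares distinct shares inside a sliding time window."""
    recent = defaultdict(deque)  # (user, host) -> deque of (time, share)
    alerts = {}
    for ts, user, host, share in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (user, host)
        queue = recent[key]
        queue.append((when, share.lower()))  # share names are case-insensitive
        # Drop accesses that have aged out of the window.
        while when - queue[0][0] > window:
            queue.popleft()
        shares = {name for _, name in queue}
        if len(shares) >= min_shares and key not in alerts:
            alerts[key] = {"user": user, "host": host,
                           "first_seen": queue[0][0].isoformat(),
                           "shares": sorted(shares)}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_share_bursts(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct shares rather than raw access events keeps a user who repeatedly opens one busy share from triggering the rule, while slow browsing across several shares stays below the window threshold.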

Doron added, "It's important that organisations have the right cybersecurity resources in place. Leveraging the technological advancements in cybersecurity can accelerate threat detection, investigation, and response. For example, automatic incident detection and response can improve cyber intelligence and reduce cyber risk. Investing in advance in Penetration Testing and similar cybersecurity services will reduce the need to pay for Royal’s Pentesting services."
