Cyber security firm Cybereason has issued a global threat alert warning public and private sector organisations about the emergence of the Royal Ransomware Group and the unique tactics, techniques and procedures they are deploying in attacks to evade detection.

It says companies should be on high alert for ransomware attacks during the holiday season and on weekends, as a recent Cybereason study shows attackers preying on vulnerable organisations, including within the heathcare sector.

The Royal Ransomware Group first emerged earlier this year, and has so far hit dozens of companies around the world. Cybereason says the group appears to be operating under the supervision of other well-known ransomware gangs, including Conti Group. It adds that the threat level from Royal attacks is high and organisations should take precautionary steps to avoid falling victim.

The report found that Royal’s approach is unusual in that it expands the concept of partial encryption, which means it has the ability to encrypt a predetermined portion of the file content and base its partial encryption on a flexible percentage encryption. This makes detection more challenging for anti-ransomware solutions. It is also a global operation and operates on its own; it does not appear to use ransomware-as-a-service or to target a specific sector or country.

Cybereason recommends a number of measures to help protect against the threat, including the implementation of a security awareness program for employees and ensure operating systems and other software are regularly updated and patched. It also urges firms to ensure key players can be reached at any time of day given the potential additional damage that can be caused when a response to an attack is delayed over holidays and weekends.

Share Story: