According to a ransomware analysis report by NordLocker, Royal is a new ransomware group launching record numbers of attacks. Despite being new and having appeared only a few months ago, Royal managed to launch 26 attacks in March 2023 worldwide, which puts it among the top three most notorious ransomware gangs globally.
Royal predominantly targets U.S. companies, accounting for almost 60 percent of its attacks. The group has been particularly active against finance and construction firms. In total, Royal has targeted 40 different industries, ranging from oil and gas, construction, and luxury goods to hospitals, non-profit organizations, and the public sector.
The Royal ransomware group was particularly active in November 2022, which was the first month the group appeared on the map. During this month, it launched 29 attacks worldwide. From November 2022 to March 2023, the group carried out 106 ransomware attacks. Royal’s targets spanned 18 countries, including the U.S., Canada, the U.K., Australia, France, and Germany.
The ransomware itself is a 64-bit Windows executable written in C++.
In the first quarter of 2023, Royal’s ransomware attacks were primarily directed toward companies that had between 51 and 100 employees. However, the group targeted firms of all sizes, ranging from those with only one employee to enterprises with over 10,000. Despite being a relatively new ransomware group, Royal is already among the top three most notorious groups, with 26 attacks launched in March 2023 alone. In comparison, LockBit, the most infamous ransomware group, conducted 76 attacks and ALPHV (BlackCat) conducted 28 in the same month.
The demands for ransom by the Royal actors have ranged from $1 million to $11 million in Bitcoin.
According to analyst Aivaras Vencevicius, head of product for NordLocker: “Adopting proper file hygiene practices, regularly using encryption, and maintaining backups are critical cybersecurity measures that can mitigate the impact of a cyberattack. While these practices may not prevent a cyberattack altogether, the ability to restore data immediately can ensure business continuity, and encrypted files will be unreadable to hackers.”
The main measures that companies can take now to protect their business are:
- Investing in cybersecurity training for employees can help prevent cybersecurity threats because 82% of cyberattacks are caused by human error. Regularly organizing cybersecurity training for all employees, along with a holistic approach that includes every member of the company, can be an effective cost-saving measure.
- Implementing and enforcing periodic data backup and restoration processes. An encrypted cloud might be the most secure solution. File hygiene and backups can’t stop cyberattacks, but they give the company leverage.
- Updating software is a vital cybersecurity measure that prevents the exploitation of vulnerabilities caused by outdated software, which is commonly utilized by cybercriminals. It is essential to educate everyone in the company about the importance of keeping software up to date to minimize the risk of cyberattacks.
- A zero-trust network access policy means that staff members are granted access to digital resources only after their identity has been verifiably confirmed. With this in place, organizations can be assured that their digital assets remain secure against internal and external cybersecurity threats.
In essence, a combination of automated and human-based security solutions is required to counteract ransomware attackers.