CERT-In Warns Of 'Royal Ransomware' Virus Attacking India's Critical Sectors

This CERT-In report comes at a time when it has been claimed that Indonesian hacktivists have been targeting Indian government websites.

 

Indian citizens and organisations have been alerted about the Royal Ransomware virus by the Indian Computer Emergency Response Team (CERT-In). 

This malware targets key infrastructure industries, such as manufacturing, communications, healthcare, and education, as well as individuals, encrypting their files and requesting payment in Bitcoin to prevent the release of private information to the public.

The CERT-In advisory says that RDP (Remote Desktop Protocol) abuse, phishing emails, malicious downloads, and other forms of social engineering are all ways the Royal Ransomware infection spreads. This virus was discovered for the first time in January 2022, and it started to spread around September of last year, at which point the US government began to issue advisories against its expansion.

The report also disclosed that the threat actors employ a number of strategies to trick victims into installing remote access malware as part of callback phishing. In order to prevent recovery, the virus encrypts the data and deletes shadow copies once it has infected the system. 

The Royal Ransomware virus contacts the victim directly via a .onion URL (reached through a dark web browser), so it doesn't reveal information like the ransom amount or any instructions. Additionally, the malware gains access to the domain controller, exfiltrates a sizable amount of data before encryption, and disables antivirus protocols.

Prevention Tips

CERT-In has suggested a set of countermeasures and internet hygiene guidelines to protect against this and similar ransomware attacks. These precautions include keeping backup data offline, frequently maintaining backup and restore, enabling protected files in Windows, blocking remote desktop connections, utilising least-privileged accounts, and restricting the number of users who can access resources via remote desktop.

Other best practices include keeping anti-virus software up to date on computer systems, avoiding clicking on links in unwanted emails, and encrypting all backup data such that it is immutable (cannot be changed or removed) and covers the entire organization's data architecture.

People and organisations should exercise caution and take the appropriate safety measures to protect themselves from this deadly virus. Following the suggested rules can help prevent data loss and lower your chances of suffering financial and reputational harm.