Date: 2023-03-03

The Cybersecurity and Infrastructure Security Agency and the FBI have published a joint advisory to provide network administrators with information on indicators of compromise and tactics, techniques and procedures associated with Royal ransomware variants.

Royal threat actors have launched ransomware attacks targeting critical infrastructure sectors including communications, health care and public healthcare, manufacturing and education, the agencies said Thursday.

According to the advisory, cybercriminals have used a Royal ransomware variant to compromise U.S. and international organizations since September 2022.

Threat actors gain access to networks of victims by disabling antivirus software and exfiltrating large data volumes before fielding the ransomware and encrypting the systems. They demand ransom payments ranging from about $1 million to $11 million in the form of Bitcoin.

CISA and the bureau urge organizations to implement several measures to stop Royal ransomware attacks, such as implementing a recovery plan to retain and maintain multiple copies of proprietary or sensitive data, requiring multifactor authentication, implementing network segmentation and disabling unused ports.