The Cybersecurity and Infrastructure Security Agency and the FBI have issued an update on the indicators of compromise and tactics, techniques and procedures linked to Royal ransomware in a previous joint CISA-FBI advisory. The malicious approaches observed recently revolve around Royal ransomware’s rebranding to “BlackSuit” with improved cyberattack capabilities, CISA said Wednesday.
According to the new advisory, phishing emails are among the BlackSuit actors’ most successful vectors for ransomware deployment and data exfiltration.
The actors use the exfiltrated data for extortion, threatening to publicly release them to a leak site if the victim fails to pay ransom ranging from $1 million to $10 million.
CISA and the FBI urge network defenders to adopt mitigation strategies aligned with the Cross-Sector Cybersecurity Performance Goals that the National Institute of Standards and Technology and CISA developed.
One suggested cybersecurity approach calls for administrator accounts to have a phishing-resistant multifactor authentication, particularly for webmail and virtual private networks.
Other cyber safety suggestions in the update include disabling hyperlinks in received emails and macros by default.