Cybersecurity notice

FBI, CISA Warn Agencies Against Royal Ransomware

The FBI and the Cybersecurity and Infrastructure Security Agency have issued a warning against the Royal ransomware that may pose a threat to organizations.

According to a joint cybersecurity advisory, the Royal ransomware has been used in several high-profile incidents that impacted hospitals, health care, communications, education and manufacturing organizations within and outside the United States. The joint advisory noted that the ransomware has been used since September to gain access to networks and exfiltrate large amounts of data.

The agencies also noted that hackers using Royal demand somewhere between $1 million and $11 million in bitcoin from their victims, The Record reported.

According to Microsoft, hackers use Google Ads, phishing emails, remote desktop protocol infiltration and other techniques to fool victims into downloading the ransomware. The files then disable antivirus software before siphoning data.

The agencies recommend that organizations implement recovery plans, passwords that comply with the National Institute of Standards and Technology measures, multifactor authentication, network segmentation and email banners.

The warning comes a week after the U.S. Marshals Service announced that a Feb. 17 hack saw sensitive data compromised. Lior Yaari, CEO and co-founder of Grip Security, said hackers used a compromised identity fabric to gain access to the agency’s systems and steal data.

The joint CSA also follows several announcements from the CISA about newly discovered lapses that have been added to its Known Exploited Vulnerabilities Catalog. These include loopholes in the IBM Aspera Faspex, Mitel’s MiVoice Connect and Cacti’s open-source platform.