Asianet Newsable

Cyber security agency issues warning against 'Royal' ransomware that targets health, education sectors

The Indian cyber security agency has issued a warning against the Royal ransomware virus, which attacks critical sectors like communications, healthcare and education, as well as individuals, and seeks a pay-off in Bitcoins for not leaking personal data in the public domain.
 

First Published May 4, 2023, 1:33 PM IST

The Indian cyber security agency has issued a warning about the "Royal ransomware" virus, which targets important sectors such as communications, healthcare and education, as well as individuals, and demands payment in Bitcoins in exchange for not exposing personal data in the public domain.

According to the Indian Computer Emergency Response Team, or CERT-In, this Internet-spread ransomware infiltrates through phishing emails, malware downloads, RDP (remote desktop protocol) abuse, and other types of social engineering.

According to cyber specialists, this ransomware was initially spotted in January 2022 and became active around September last year, even as US officials issued cautions against its spread.

"Royal ransomware targets a variety of critical infrastructure sectors, including manufacturing, communications, healthcare, education, and so on, as well as individuals. The ransomware encrypts the files on the victim's machine, and the attackers demand payment in bitcoin," according to the advisory.

CERT-In is the government's technology arm that combats cyber attacks and protects cyberspace from phishing and hacker attacks, among other online threats.

According to the advisory, "threat actors have used a variety of tactics to trick victims into installing remote access software as part of callback phishing, where they pretend to be various service providers. The ransomware attacks by encrypting files in a certain manner based on the size of the content."


The ransomware's severity may be gauged by the fact that, before encrypting the data it targets, it examines the condition of the targeted files and deletes shadow copies to "prevent recovery" through service. After infiltrating the network, the malware attempts persistence and lateral movement. Furthermore, the ransomware exfiltrates a large amount of data prior to encryption, according to the advisory.

To protect against this and other ransomware attacks, the agency has proposed various countermeasures and Internet hygiene practices. Maintain offline backups of data, and carry out backup and restoration on a regular basis, so that the company is not significantly disrupted and is not left with irretrievable data. It is also advised that all backup data be encrypted, immutable (that is, it cannot be edited or destroyed), and cover the whole organization's data architecture.

The agency has also recommended a number of other best practices, including simple ones like keeping anti-virus software up to date and not clicking on unfamiliar links in unsolicited emails.

(With PTI Inputs)
