CISA Alert AA23-061A – #StopRansomware: Royal ransomware.

CyberWire Daily

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 • 1.1K Ratings

🗓️ 3 March 2023

⏱️ 3 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

CISA and FBI are releasing this joint advisory to disseminate known Royal ransomware IOCs and TTPs identified through recent FBI threat response activities. AA23-061A Alert, Technical Details, and Mitigations AA23-061A STIX XML Royal Rumble: Analysis of Royal Ransomware (cybereason.com) DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog 2023-01: ACSC Ransomware Profile - Royal | Cyber.gov.au See Stopransomware.gov, a whole-of-government approach, for ransomware resources and alerts. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	This is a SISA Cybersecurity Alert.
0:14.0	ID number Alpha Alpha 2-3-TAC 0-61 Alpha.
0:21.0	Original release date, March 2nd, 2023.
0:25.0	CISA and FBI are releasing this joint advisory to disseminate known royal ransomware
0:33.0	IOCs and TTPs identified through recent FBI threat response
0:36.9	activities. Since approximately September 2022, cyber criminals have
0:42.0	compromised US and international organizations with a royal
0:45.4	ransomware variant.
0:47.0	FBI and CISA believe this variant, which uses its own custom-made file encryption program evolved from earlier iterations that used
0:54.5	Zeon as a loader. After gaining access to victims' networks, Royal Actors
0:59.7	disable antivirus software and exfiltrate large amounts of data before ultimately
1:04.4	deploying the ransomware and encrypting the systems.
1:08.3	Royal actors have made ransom demands ranging from approximately $1 million to $11 million in Bitcoin.
1:14.8	In observed incidents, Royal actors do not include ransom amounts and payment instructions
1:19.5	as a part of the initial ransom note.
1:22.0	Instead, the note which appears after encryption
1:24.6	requires victims to directly interact
1:26.5	with the threat actor via a dot onion URL.
1:30.1	Royal actors have targeted numerous critical infrastructure sectors including manufacturing,
1:34.4	communications, health care, and public health care and education.
1:39.4	FBI and CISA encourage organizations to implement the recommendations in the mitigation section of this alert to reduce the likelihood and impact of ransomware incidents.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.