Close this search box.

New Warning About Royal Ransomware

Avatar photo
Bill Bowman

Airiam’s AirRescue™ incident response (IR) team recently helped several companies that fell victim to the Royal ransomware. We are seeing an up-tick in organizations falling victim to Royal and urge IT and business leaders to learn about the ransomware below, put steps in place to reduce the risk, and stay vigilant.

Video Discussion on Royal Ransomware

Airiam Senior IT Specialists Andrew Betts, Dan Baker, and Corey Burnett discuss their first-hand experience with the ransomware and give advice on how to stay safe in this video.

What is Royal Ransomware?

Royal refers to both the ransomware gang and the malware that encrypts systems. The group is an evolution of the Conti ransomware gang. Conti was a leading ransomware gang that reportedly broke up in 2022. Andrew says that Royal has devised new ways to make it difficult to recover organizations impacted.

According to the incident response experts, the ransomware often wipes backup data and formats the devices. Dan has observed that Royal will search for anything labeled “backup” or “archive” and then delete. This makes paying the ransomware gang pointless, as terabytes of data are already lost.

The group can even encrypt only specific parts of infrastructure and data, which are the most important. This technique maximizes the impact of the ransomware while limiting the gang’s time in the system. Dan says these targets are the top targets within an overall environment:

  1. Microsoft Active Directory (AD)
  2. Microsoft SQL Servers
  3. Backup files and servers

Corey continues saying that the Royal gang’s reconnaissance is on-point. They can discover what is most critical to a company and attack.

Ways to Reduce the Risk

An IT environment that is property configured and with the right cybersecurity software in place is cyber resilient. The AirRescue members give the following tips for reducing the risk of ransomware infection:

  • Implement and test a disaster recovery plan. This must be done before a cyber incident happens. Then if an incident does occur, it won’t be your first time responding and going through the steps.
  • Go beyond traditional antivirus. Invest in endpoint detection and response (EDR) and managed detection and response (MDR) software to stay protected from the newest threats.
  • Make sure you regularly patch your systems. Recent VMware vulnerabilities are a top method Royal gets in. Most of the systems the AirRescue team encounter on recovery engagements are running outdated operating systems.
  • Educate end-users about how to spot email phishing and do not click suspicious links. Corey says that 66% of ransomware attacks begin with phishing. Andrew says this issue is particularly prevalent in manufacturing companies.

The group agreed that Airiam has the tools to both stop ransomware attacks from happening and be resilient if an attack does succeed. AirCISO™ is Airiam’s extended detection and response (XDR) solution that can monitor and correlate system logs. AirGapd™ is Airiam’s solution for immutable cloud backups and disaster recovery. In a recent attack Dan responded to, Royal was not able to infect AirGapd and the company was restored.

To learn more about how to become cyber resilient and protected against Royal, send us a message.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

What Is Patching and Why Is It Important?

Fix Vulnerabilities with Effective Patch Management Software Development and Vulnerabilities Software development involves the creation of software designed to solve a problem or improve efficiencies within an organization. When writing the code, devel
Avatar photo
Bill Bowman
>>Read More

Best Managed Service Provider in Milwaukee-Chicago Metro Area

Airiam is the leading managed service provider in the Milwaukee-Chicago Metro Area, providing world-class IT support and cybersecurity solutions with a local touch. Managed Service Provider in Milwaukee, Wisconsin Airiam has served the the Milwaukee co
Jesse Sumrak
>>Read More

Expedia Phishing Attempts

As the season gets warmer, travel season gets bigger. We look for reputable websites and try to book flights, cars, and hotels as quickly and safely as possible. However, as much as we try to avoid scams, scammers search us out.  For example, there hav
Vivian Lee
>>Read More