• This new Royal ransomware is already asking for millions

    From TechnologyDaily@1337:1/100 to All on Fri Sep 30 16:30:04 2022
    This new Royal ransomware is already asking for millions

    Date:
    Fri, 30 Sep 2022 15:05:59 +0000

    Description:
    A new ransomware actor is demanding millions in payment, researchers have found.

    FULL STORY ======================================================================

    A brand new ransomware operator has been discovered active in the wild, and even though it's a new entrant, it's already demanding major ransom payments.

    A new report from BleepingComputer together with cybersecurity intelligence firm AdvIntel has analyzed the group's activities, its encryptor, and its methodology.

    Apparently, the group is made up of experienced ransomware actors that came from other operations. They joined forces in January this year, and don't work as a RaaS, but rather as a private group with affiliates. At first, the group used other criminals' encryptors, namely BlackCat, but soon pivoted to proprietary solutions. The first such encryptor is called Zeon.

    Starts with a phish

    Earlier this month, the group rebranded from Zeon to Royal, using that name both in the ransom note, and as the file extension for encrypted documents.

    The MO is nothing out of the ordinary: the attackers would first send a phishing email urging the victims to call them back. On the call, the attackers would convince the victims to install remote access software and grant the attackers access to the endpoint. After that, the attackers would spread out across the network, map out and exfiltrate sensitive data, and encrypt all devices found on the network.

    The victims would then find a ransom note, README.TXT, in which they'd get a Tor link where they can engage in negotiations with the attackers. Allegedly, Royal asks anywhere between $250,000 and $2 million for the decryption key. During the negotiations, the attackers would decrypt a few files to show
    their program works, and show the list of files they'd release to the internet if the demands aren't met.

    So far there are no reports of any victims actually paying for the decryption key, so it is impossible to know just how successful the group is. Royal's
    leak site is yet to be found.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-new-royal-ransomware-is-already-asking-for-millions/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)