Businesses and risk managers are being warned about the rapid rise of a new cyber-criminal organisation and its ability to launch fast, widespread attacks.
According to a ransomware analysis report by NordLocker, a company that makes an end-to-end file encryption tool, Royal is a new ransomware group launching record numbers of attacks. Despite having appeared only a few months ago, Royal managed to launch 26 attacks worldwide in March 2023, which puts it among the top three most notorious ransomware gangs globally.
Royal predominantly targets US companies, which account for almost 60% of its attacks, according to the NordLocker ransomware analysis report. With 62 attacks recorded in the United States alone since November, the group has been particularly active against finance and construction firms. However, what’s concerning is that the group has not limited its attacks to specific sectors. In total, Royal has targeted 40 different industries, ranging from oil and gas, construction, and luxury goods to hospitals, non-profit organizations, and the public sector.
“This range and versatility of targets pose a severe threat to global cybersecurity and make the Royal ransomware group one of the most dangerous cybercriminal groups in the world,” says Aivaras Vencevicius, head of product for NordLocker.
The study found the Royal ransomware group was particularly active in November 2022, which was the first month the group appeared on the map. That month, it launched 29 attacks worldwide. From November 2022 to March 2023, the group carried out 106 ransomware attacks. Royal’s targets spanned 18 countries, including the US, Canada, the UK, Australia, France, and Germany.
In the first quarter of 2023, Royal’s ransomware attacks were primarily directed toward companies that had between 51 and 100 employees. However, the group targeted firms of all sizes, ranging from those with only one employee to enterprises with over 10,000. Despite being a relatively new ransomware group, Royal is already among the top three most notorious groups, with 26 attacks launched in March 2023 alone. In comparison, LockBit, the most infamous ransomware group, conducted 76 attacks in the same month, and AlphaVM (BlackCat) conducted 28.
The demands for ransom by the Royal actors have ranged from $1 million to $11 million in Bitcoin.
“Although we might think that cybersecurity is a very complex process, there are now very clear guidelines on how anyone can protect their business and money,” said Vencevicius. “Adopting proper file hygiene practices, regularly using encryption, and maintaining backups are critical cybersecurity measures that can mitigate the impact of a cyberattack. While these practices may not prevent a cyberattack altogether, the ability to restore data immediately can ensure business continuity, and encrypted files will be unreadable to hackers.”
NordLocker has said there is a range of measures that companies can take now to protect their business:
- Investing in cybersecurity training for employees can help prevent cybersecurity threats because 82% of cyberattacks are caused by human error. Regularly organizing cybersecurity training for all employees, along with a holistic approach that includes every member of the company, can be an effective cost-saving measure.
- Implementing and enforcing periodic data backup and restoration processes. An encrypted cloud might be the most secure solution. File hygiene and backups cannot stop cyberattacks, but they give the company leverage.
- Updating software is a vital cybersecurity measure that prevents the exploitation of vulnerabilities caused by outdated software, which is commonly utilised by cybercriminals. It is essential to educate everyone in the company about the importance of keeping software up to date to minimize the risk of cyberattacks.
- Lastly, a zero-trust network access policy means that staff members are granted access to digital resources only after their identity has been verifiably confirmed. With this in place, organizations can be assured that their digital assets remain secure against internal and external cybersecurity threats.