Cybereason WARNS Global Organizations Against Attacks From the Royal Ransomware Group
Thursday, December 22, 2022
The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat.
BOSTON, Dec. 14, 2022 /PRNewswire-PRWeb/ -- Cybereason, the XDR company, today issued a new global threat alert warning public and private sector organizations about the emergence of the Royal Ransomware Group and the unique tactics, techniques and procedures they are deploying in attacks to evade detection. Companies should be on high alert for ransomware attacks during the holiday season and on weekends, as a recent Cybereason study shows attackers preying on vulnerable organizations.
The Royal Ransomware Group first emerged earlier this year, and so far has victimized dozens of companies around the world. The group appears to be operating under the supervision of other well known ransomware gangs, including Conti Group. The threat level from Royal attacks is HIGH and organizations should have precautionary steps to avoid falling victim.
Key Report Findings
-- Unique approach to evade anti-ransomware defenses: Royal ransomware
expands the concept of partial encryption, which means it has the
ability to encrypt a predetermined portion of the file content and base
its partial encryption on a flexible percentage encryption, which makes
detection more challenging for anti-ransomware solutions.
-- Multi-threaded ransomware: Royal ransomware employs multiple threads in
order to accelerate the encryption process.
-- Global ransomware operation: Royal ransomware operates around the world,
and reportedly on its own. The group doesn't appear to use
ransomware-as-a-service or to target a specific sector or country.
-- High Severity: Cybereason assesses the threat level from Royal
Ransomware to be HIGH given the rapid increase in attacks coming from
this group over the past 60-90 days.
Ransomware attacks can be stopped. Cybereason offers the following recommendations to organizations to reduce their risk:
-- Practice good security hygiene: For example, implement a security
awareness program for employees and ensure operating systems and other
software are regularly updated and patched.
-- Confirm key players can be reached at any time of day: Critical response
actions can be delayed when attacks occur over holidays and weekends.
-- Conduct periodic table-top exercises and drills: Include key
stakeholders from other functions beyondsecurity, such as Legal, Human
Resources, IT, and top executives, so everyone knows their roles and
responsibilities to ensure as smooth a response as possible.
-- Implement clear isolation practices: This will stop any further ingress
on the network and prevent ransomware from spreading to other devices.
Security teams should be proficient at things like disconnecting a host,
locking down a compromised account, and blocking a malicious domain.
-- Consider locking down critical accounts when possible: The path
attackers often take in propagating ransomware across a network is to
escalate privileges to the admin domain-level and then deploy the
ransomware. Teams should create highly secured, emergency-only accounts
in the active directory that are only used when other operational
accounts are temporarily disabled as a precaution or inaccessible during
a ransomware attack.
-- Deploy EDR on all endpoints: Endpoint detection and response (EDR)
remains the quickest way for public and private sector businesses to
address the ransomware scourge.
About Cybereason
Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason Defense Platform provides planetary-scale data ingestion, operation-centric MalOp(TM) detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.
Learn more: https://www.cybereason.com/
Follow us: Blog | Twitter | Facebook
Media contact:
Bill Keeler
Senior Director, Global Public Relations
Cybereason
bill.keeler@cybereason.com
+1 (929) 259-3261
Media Contact
Bill Keeler, Cybereason, 929 259-3261, bill.keeler@cybereason.com
SOURCE Cybereason
|
|
|
|
|
 |
Sup AI Sets New Benchmark Record with 52.15% on Humanity's Last Exam | Jan 22, 2026
|
|
Weekly Recap: 11 Tech Press Releases You Need to See | Jan 22, 2026
|
|
DEADLINE ANNOUNCED FOR 2026 NEW TOP-LEVEL DOMAIN APPLICATIONS | Jan 22, 2026
|
|
Trigent Partners with WeWork India to Expand its GCC Footprint | Jan 22, 2026
|
|
Skunk Works® and XTEND Expand Joint All Domain Command and Control for Advanced Mission Execution | Jan 22, 2026
|
|
Altair HyperWorks 2026 Delivers Design and Simulation at Scale with AI | Jan 22, 2026
|
|
Exia Labs Brings Keystone to the U.S. Navy via DIU's Blue Object Management Challenge | Jan 22, 2026
|
|
Marketing Evolution Announces New Investment Led by Insight Partners to Power AI-Ready Marketing Data for the Agentic Era | Jan 22, 2026
|
|
Genpact Named a Leader in ISG Provider Lens(TM) 2025 for Insurance GCCs and Agentic AI Services | Jan 22, 2026
|
|
Glasswall Brings Defense-Level File Sanitization to Every Government Agency and Business Using Microsoft 365 | Jan 22, 2026
|
|
|
