India Issues Cyber Alert Against Deadly “Royal Ransomware”

New Delhi: The Indian cyber security agency has issued a warning about a ransomware named “Royal ransomware” that targets vital industries including communications, healthcare, education, and even individuals. The virus asks for payment in Bitcoins in exchange for not disclosing personal information to the public.

The current advisory from the Indian Computer Emergency Response Team (CERT-In) claims that this ransomware, which spreads over the Internet, enters via phishing emails, malicious downloads, abuse of RDP (remote desktop protocol), and other forms of social engineering.

Cyber experts said that this malware was originally discovered in January 2022 and that it began to operate around September of last year, despite US officials issuing warnings about its expansion.

“Royal ransomware is targeting multiple crucial infrastructure sectors, including manufacturing, communications, healthcare, education, etc., or individuals. The ransomware encrypts the files on a victim’s system and attackers ask for ransom payment in bitcoin,” the advisory said.

“Attackers also threaten to leak the data in public domain if denied payment,” the advisory said.

Before it begins encrypting the data it targets, the ransomware analyses the state of the targeted files and deletes shadow copies to “prevent recovery” through service, which is a sign of the virus’s deadly nature.

Once it has gained access to the network, the malware strives to persist and move laterally. After gaining access to the domain controller, the ransomware disables antivirus protocols. The report also noted that the malware exfiltrates a significant amount of data before encryption.
