India’s Cybersecurity Agency Warns of Royal Ransomware Attack

India’s federal cybersecurity arm, CERT-In, has warned about the Royal ransomware. The hackers attack critical facilities and demand ransom in bitcoins.

The ransomware attacks telecom and manufacturing companies, healthcare organizations and educational institutions by encrypting their files.

In exchange for unlocking the data, the hackers demand payment in bitcoins.

Individuals have also fallen victim to the hackers and receive threats that their personal data could become public if they refuse to pay.

Royal ransomware infiltrates users’ computers via phishing emails, malware downloads, and remote desktop protocol (RDP).

The attackers also use social engineering techniques, CERT-In cyber analysts say. They often mislead potential victims into installing infected software by posing as service providers.

The ransomware takes a specific approach to encrypting files, depending on their size, CERT-In experts say.

The malware can encrypt only a small amount of the data in a large file to reduce the chances of detection.

It appends 532 bytes to the end of the encrypted file, in which it writes the randomly generated encrypted key, the size of the encrypted file, and the encryption percentage.
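Partial encryption is meant to slip past checks that look at a file as a whole, so a defender comparing files against known-good backups has to look chunk by chunk. The following is an added example, not code from CERT-In or the article: the chunk size, entropy threshold and sample data are assumptions, and the layout of the 532-byte trailer is not given on this page, so only its length is checked.

```python
import math
import random

TRAILER_LEN = 532   # trailer size reported in the article; its layout is not given
CHUNK = 4096        # assumed scan granularity
HIGH_ENTROPY = 7.5  # assumed threshold, bits per byte (random data is close to 8)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def assess(baseline: bytes, current: bytes) -> dict:
    """Compare a file with its known-good backup copy, chunk by chunk."""
    total = changed_high = 0
    for i in range(0, len(baseline), CHUNK):
        old, new = baseline[i:i + CHUNK], current[i:i + CHUNK]
        total += 1
        # A chunk counts as encrypted only if it changed AND now looks random.
        if new != old and shannon_entropy(new) >= HIGH_ENTROPY:
            changed_high += 1
    delta = len(current) - len(baseline)
    return {
        "size_delta": delta,
        "trailer_sized_growth": delta == TRAILER_LEN,  # corroborating signal
        "encrypted_fraction": changed_high / total if total else 0.0,
        "whole_file_entropy": shannon_entropy(current),
        "suspicious": changed_high > 0,
    }

def build_sample() -> tuple[bytes, bytes]:
    """Constructed test data: a 256 KiB text file and a partially overwritten copy."""
    rng = random.Random(0)
    line = b"2023-01-01 12:00:00 INFO service heartbeat ok\n"
    baseline = (line * 6000)[:64 * CHUNK]
    noise = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    # First 6 of 64 chunks replaced with random bytes, plus a 532-byte filler trailer.
    current = noise(6 * CHUNK) + baseline[6 * CHUNK:] + noise(TRAILER_LEN)
    return baseline, current

if __name__ == "__main__":
    for name, value in assess(*build_sample()).items():
        print(f"{name}: {value}")
```

On the constructed sample the whole-file entropy stays well below the threshold even though about 9% of the chunks have been replaced, which is why the per-chunk comparison is the useful signal.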

After infiltrating the company's network infrastructure, the malware tries to gain a foothold in the network by disabling antivirus programs.

The ransomware then exfiltrates data before encrypting it and deletes shadow copies of the files to prevent recovery.

The ransomware virus first became known in January 2022, and in September it became particularly active, despite a warning from U.S. authorities about its spread.

To avoid such attacks, CERT-In recommends that users back up their data offline, update their anti-virus software regularly, ignore emails from unknown persons, and not click on suspicious links.

According to a recent study by ScamSniffer, cryptocurrency phishers are increasingly using Google Ads. User losses exceeded $4 million in a month.