There is a new type of ransomware called ‘Royal’ being distributed by multiple threat groups across the UK. They are successfully penetrating networks using Google ads and search results. This is combined with fake, but legitimate-looking, software download sites to trick users into downloading the malware. They are also using contact forms on business websites, emails, fake forum comments and blog posts. They point to the same malicious files and are having more success than other similar attacks.
The cyber attackers encrypt your data and offer the decryption key in return for a ransom payment. This can be hundreds of thousands, if not millions of pounds. Typically, ransoms are requested in a cryptocurrency such as Bitcoin so they can’t be traced. Even if you pay, there is still no certainty that the attackers will ever hand over the decryption key to you. Their intent is to wreak havoc, not strike deals.
Why is Royal ransomware more dangerous than other ransomware?
Rather than trying to access your network through vulnerabilities in your servers or firewalls, the attackers are tricking people (your employees) into downloading files that give them access to your network.
What can I do to defend my business against Royal ransomware?
Knowledge is power – that’s why we are making you aware of this threat. Your approach should be two-fold:
- The most vulnerable aspect of your business is your staff. Unless you communicate the importance of this threat, they are your weakest line of defence. Stress the importance of a “think before you click” approach to everything – websites, links in emails, pdfs. Everything that has a link COULD be a threat.
- Be prepared. Do you know how you will operate if you get locked out of all your systems? Do you have a disaster recovery plan? Have you tested if your backups can be restored? If the answer is no to any of these questions, please get in touch.
Speak to your IT team to ensure you are protected, or contact ILUX for extra support and guidance