Ransomware, Vulnerability Management, Email security

Novel Royal ransomware operation ramps up attacks

More corporations are being targeted by the Royal ransomware operation, which was launched in January but has significantly ramped up malicious activity this month, demanding ransoms of $250,000 to more than $2 million from its targets, BleepingComputer reports. Royal ransomware begins its attacks with callback phishing messages that spoof food delivery and software providers and lure victims into calling the included phone numbers to cancel their supposed subscriptions, according to AdvIntel CEO Vitali Kremez. The operation then uses social engineering to persuade victims to install remote access software, which provides initial network access. Meanwhile, an organization impacted by Royal ransomware noted that its network was compromised following the exploitation of a custom web app vulnerability. After launching Cobalt Strike for persistence, Royal worked to exfiltrate credentials and data, spread laterally across the Windows domain, and encrypt devices. Royal has demanded ransoms of between $250,000 and over $2 million from its victims, but there has been no evidence of successful payments so far.
