A new scary ransomware group is on the rise


According to a ransomware analysis report by NordLocker, Royal is a new ransomware group launching record numbers of attacks. Despite having appeared only a few months ago, Royal managed to launch 26 attacks worldwide in March 2023, which puts it among the top three most notorious ransomware gangs globally.

Royal predominantly targets U.S. companies, which account for almost 60 percent of its attacks. The group has been particularly active against finance and construction firms. In total, Royal has targeted 40 different industries, ranging from oil and gas, construction, and luxury goods to hospitals, non-profit organizations, and the public sector.

The Royal ransomware group was particularly active in November 2022, which was the first month the group appeared on the map. During this month, it launched 29 attacks worldwide. From November 2022 to March 2023, the group carried out 106 ransomware attacks. Royal’s targets spanned 18 countries, including the U.S., Canada, the U.K., Australia, France, and Germany.

The ransomware itself is a 64-bit Windows executable written in C++.

In the first quarter of 2023, Royal’s ransomware attacks were primarily directed toward companies that had between 51 and 100 employees. However, the group targeted firms of all sizes, ranging from those with only one employee to enterprises with over 10,000. Despite being a relatively new ransomware group, Royal is already among the top three most notorious groups, with 26 attacks launched in March 2023 alone. In comparison, LockBit, the most infamous ransomware group, conducted 76 attacks and ALPHV (BlackCat) conducted 28 in the same month.

The demands for ransom by the Royal actors have ranged from $1 million to $11 million in Bitcoin.

According to analyst Aivaras Vencevicius, head of product for NordLocker: “Adopting proper file hygiene practices, regularly using encryption, and maintaining backups are critical cybersecurity measures that can mitigate the impact of a cyberattack. While these practices may not prevent a cyberattack altogether, the ability to restore data…