Tag Archive for: Royal

Royal ransomware gang infiltrated networks weeks before striking


Hackers began surveillance of the city of Dallas’ networks weeks before carrying out a devastating ransomware attack in May, according to a recent report on the incident.

The 31-page After-Action Report, published last week, outlines what happened before, during and after the ransomware attack crippled critical systems used by the city’s police, firefighters, hospitals and government officials. As the ninth-largest city in the country, Dallas was “a logical choice for bad actors wishing to initiate and prosecute” an attack, the experts said.

The city operates more than 860 applications and has about 200 IT workers within the Dallas Department of Information & Technology Services (ITS).

The hackers — part of the Royal ransomware gang — first infiltrated government systems on April 7 and immediately began surveillance operations. They used a government service account to pivot into the city’s infrastructure and deploy remote management tools.

From April 7 to May 2, the hackers exfiltrated nearly 1.17 terabytes of data and prepared themselves to deploy the ransomware, which they did the following morning.

“Using its previously deployed beacons, Royal began moving through the City’s network and encrypting an apparently prioritized list of servers using legitimate Microsoft system administrative tools,” they explained.

“City attack mitigation efforts began immediately upon the detection of Royal’s ransomware attack. To thwart Royal and slow its progress, City Server Support and Security teams began taking high-priority services and service supporting servers offline. As this was done, City service restoration identification activities began.”

The city noted officials focused on restoring critical systems like the Public Safety Computer-Aided Dispatch, which was brought down during the attack and caused police and ambulances to go to the wrong location multiple times for days.

Officials also focused on 311 services and city-facing communication websites as the first systems that needed to be restored.

In addition to internal and external cybersecurity assistance, the city called on federal law enforcement agencies like the FBI and Cybersecurity and…


Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware


One of the U.S.’s most popular zoos has been hit with a cyberattack involving the theft of employee and vendor information, and a likely offshoot of the Royal ransomware gang is taking credit.

ZooTampa confirmed to Recorded Future News that it recently discovered an incident that impacted its network environment.

“Upon detecting the incident, the Zoo took swift action and promptly engaged third-party forensic specialists to assist us with securing the network environment and investigate the extent of the unauthorized activity. ZooTampa also contacted and are working with federal law enforcement,” a spokesperson said.

The organization notified employees and vendors whose information may have been accessed, while it continues to investigate.

“ZooTampa does not store personal or financial information on daily visitors or members,” they said.

The zoo, which is consistently ranked in the country’s top 10, is run by a nonprofit and was designated a center for Florida wildlife conservation and biodiversity by the state government. It is in the process of raising funds for a $125 million renovation announced in December.

The spokesperson did not respond to further questions about whether the attack involved ransomware, but on July 5 the BlackSuit ransomware gang claimed to have attacked the zoo.

The group is relatively new, having first appeared in May, and has posted three victims to its extortion site, according to Recorded Future ransomware expert Allan Liska. The Record is an editorially independent unit of Recorded Future.

According to Liska, the group appears to have ties to the Royal ransomware gang, which is responsible for headline-grabbing attacks on the city of Dallas and more. Both BlackSuit and Royal also have ties to the now defunct Conti ransomware group, which disbanded last June and splintered into several new gangs, according to experts.

While the BlackSuit group is new, the operators are likely experienced due to their work with Conti…


New Royal ransomware attacks leverage BlackSuit encryptor – SC Media




Hackers use Royal Family website to promote links to porn and casinos | UK News



The Royal Family’s website is being used by ‘Black Hat SEO’ hackers to promote thousands of links to pornography and other adult content.  

Google is investigating after the prestigious royal.uk address was hijacked by spammers posting blurbs in a mixture of Mandarin Chinese and English.

Searches on the engine show that the official URL has been ‘malformed’ to link to explicit and potentially harmful content elsewhere on the web.

The majority advertise casino and gambling sites while hundreds link to pornography in the attempt to boost search engine optimisation (SEO).

The royals are among the victims of a practice whereby hackers use the online presence of reputable organisations to promote grubby content and increase their rankings in valuable search engine listings.

Although there is no inappropriate material visible on the royal website itself, the rogue links show up in Google searches. The official title complete with the Royal Coat of Arms appears above each result. 


The spammers are thought to have tampered with the royal domain’s metadata — the embedded words and descriptive data which tell people what the content is about. Crucially, it helps search engines understand and index web pages accurately. 

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said: ‘By Royal Appointment is one of the most valuable endorsements that a company can receive, and these hackers have found a way to gain credit via the back door. It looks like they have managed to insert some malicious code in the metadata of the official Royal Family website and hidden rogue links to all sorts of unsavoury pages.

‘Hackers often use phishing attacks to grab passwords, which can let them log in and edit the website metadata. 

‘Visitors to the website shouldn’t stumble across these links, but scammers are benefiting from the association with one of the world’s most prestigious domain names.’ 

Other trusted domain names have been used to promote and…
