Tag Archive for: Royal

CISA Warns Against Royal Ransomware in New Advisory


The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new advisory warning system defenders against the Royal Ransomware group.

Part of the Agency’s #StopRansomware campaign, the document was released on Thursday in collaboration with the FBI and describes tactics, techniques and procedures (TTPs) alongside indicators of compromise (IOCs) associated with Royal ransomware variants.

The joint Cybersecurity Advisory (CSA) says recent malicious activity by threat actors using a particular malware variant has been spotted since September 2022.

“FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used ‘Zeon’ as a loader,” reads the advisory.

After gaining initial access to networks via phishing, remote desktop protocol (RDP) and other techniques, the threat actors were observed disabling antivirus software on victims’ machines and exfiltrating large amounts of data. They finally deployed the ransomware and encrypted systems.

“Royal actors have made ransom demands ranging from approximately $1m to $11m in Bitcoin,” CISA wrote.

At the same time, the Agency clarified that in observed incidents, Royal actors did not include ransom or payment instructions as part of their ransom note.

“Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a .onion URL (reachable through the Tor browser).”

At the time of writing, CISA wrote that Royal actors have targeted several critical infrastructure sectors, including manufacturing, communications, education and healthcare.

As in other #StopRansomware advisories, CISA also included a series of recommendations to reduce the likelihood and impact of ransomware incidents.

These include requiring all accounts with password logins to follow National Institute for Standards and Technology (NIST) standards, keeping all systems up-to-date and performing network segmentation whenever possible.

The CISA advisory comes a few months after the emerging threat actor known as DEV-0569 was spotted by Microsoft developing new tools to deliver the Royal ransomware.


Royal Mail restores global shipping weeks after LockBit ransomware attack


U.K. postal giant Royal Mail says it has finally restored international shipping after a ransomware attack downed its export services for over a month.

Royal Mail spokesperson Mark Street told TechCrunch on Thursday that it has reinstated international export services to all destinations for purchase online and at Post Office branches. “We are now processing close to normal daily volumes of international export mail with some delays,” Street said. In an incident update dated February 23, Royal Mail noted a “small number” of international untracked services for business contract customers continue to face some disruption.

Royal Mail faced severe disruption for six weeks after a January 10 cyberattack left the company unable to dispatch certain items overseas. While the organization had reinstated most online services in recent weeks, Royal Mail could not, until now, process international parcels at its 11,500 Post Office branches.

According to the BBC, Royal Mail ships to 231 countries and territories worldwide and shipped more than 150 million parcels overseas in the past year.

Royal Mail’s long-awaited service update comes as the Russia-linked LockBit ransomware gang, whose high-profile victims have also included NHS vendor Advanced, published some of the data it stole from Royal Mail on its dark web leak site. The prolific ransomware gang initially threatened to publish all stolen data on February 9.

The 45 gigabyte data dump published by LockBit, reviewed by TechCrunch, doesn’t appear to include sensitive customer or financial information, though it does contain at least one employee’s COVID-19 vaccination details.

“Royal Mail is aware that an unauthorized third-party has published some data allegedly obtained from our network,” Street told TechCrunch. “At this stage of the investigation, we believe that the vast majority of this data is made up of technical program files and administrative business data. All of the evidence suggests that this data contains no financial information or other sensitive customer information. We continue to work closely with law enforcement agencies.”

Earlier this week, LockBit published what it claimed…


Royal Mail overseas parcels ban 'costing me hundreds of pounds' – BBC




When will the Royal Mail cyber attack be fixed? What we know about how hack affects international deliveries


Royal Mail has confirmed that a cyber attack is to blame for ongoing disruption to postal services.

The attack is believed to have already left more than half a million letters and parcels stuck in limbo, according to reports last week.

The attack is suspected to have come from a Russian-linked ransomware gang called LockBit, though this is yet to be confirmed.

Here’s how the attack is affecting postal services, and when Royal Mail says it will be fixed.

How is the cyber attack affecting post?

Royal Mail is continuing to ask customers not to post items overseas while it investigates the cyber attack.

The company said it was experiencing “severe disruption” to its international export services and is temporarily unable to dispatch items abroad.

A Royal Mail distribution centre in Northern Ireland revealed its printers began “spurting” out copies of a ransom note on Tuesday, saying “your data are stolen and encrypted”.

In a statement issued on Monday, Royal Mail said: “To support faster recovery when our service is restored and to prevent a build-up of export items in our network, we’re asking customers not to post international items until further notice.”

“Items that have already been dispatched may be subject to delays.”

The company has been hit by disruption in recent months, with postal workers staging walkouts in a long-running dispute over jobs, pay, pensions and conditions.

It has caused havoc for businesses who rely on the delivery services, with major retailers such as Moonpig, Card Factory and Asos partially blaming the strikes for a drop in sales towards the end of 2022.

When will the cyber attack be fixed?

Simon Thompson, chief executive of Royal Mail, told a parliamentary select committee on Tuesday: “We’ve confirmed that we’ve had a cyber attack.”

He was unable to provide a date for when the issue will be resolved, telling MPs: “The team have been working on workarounds so that we can get the service up and running again.”

He added there would be “more news to share” soon.

Mr Thompson said he could not discuss any details of the attack, saying it would be “detrimental” to the ongoing investigation.
