As per an advisory from the FBI and US-CISA, a forthcoming ransomware variant is set to enter the cybersecurity landscape, marking itself as a rebrand or offshoot of the Royal Ransomware gang, notorious for purportedly amassing around $275 million in 2022.
This marks the fourth malware iteration linked to the Royal Ransomware lineage, joining the ranks of Blackmatter (a derivative of Darkside ransomware), Hunters International (formerly known as Hive), and NoEscape (previously identified as Avaddon).
Evidently, law enforcement agencies have intensified their efforts against the Royal Ransomware variant, prompting the criminal group to opt for a rebranding strategy to sustain its operations within the dark web.
Over the past few months, US law enforcement, in collaboration with Interpol and global police agencies, has been diligently working to thwart the activities of cybercriminal organizations. Their endeavors involve tracing operational hubs, seizing assets, conducting investigations, and scrutinizing the motivations of these groups and the governments potentially backing them. Notably, many of these criminal entities have been linked to Russia or North Korea, while others have ties to countries such as Iran and China.
Despite concerted governmental efforts to eradicate these online threats, cybercriminal groups continue to proliferate, showcasing increased levels of sophistication.
A common strategy to combat such threats is to refrain from paying ransoms and instead recover data from secure backups. However, challenges arise with double extortion tactics, where hackers not only steal data but also threaten to release or sell it on the dark web.
Encrypting stored data serves as a preventive measure, making it inaccessible to data thieves even if the information is compromised. Reporting such incidents to law enforcement is crucial, as these agencies possess the expertise to track and promptly prosecute cybercriminals, effectively dismantling their infrastructure.
Alternatively, succumbing to hackers’ demands and paying a ransom becomes an option, albeit a risky one. There’s no guarantee that hackers will provide a decryption key or delete stolen data from their servers after receiving payment. Vigilance, preventive measures, and collaboration with law enforcement remain essential components of a robust defense against the evolving landscape of cyber threats.