NordLocker Report: A new scary ransomware group is on the rise

The Royal ransomware group has launched 26 attacks in March alone

According to a ransomware analysis report by NordLocker, Royal is a new ransomware group launching record numbers of attacks. Despite being new and having appeared only a few months ago, Royal managed to launch 26 attacks in March 2023 worldwide, which puts it among the top three most notorious ransomware gangs globally.

Who are the main targets of Royal?

Royal predominantly targets US companies, accounting for almost 60% of its attacks, according to the NordLocker ransomware analysis report. With 62 attacks recorded in the United States alone since November, the group has been particularly active against finance and construction firms. However, what's concerning is that the group has not limited its attacks to specific sectors. In total, Royal has targeted 40 different industries, ranging from oil and gas, construction, luxury goods to hospitals, non-profit organizations, and public sectors.

"This range and versatility of targets pose a severe threat to global cybersecurity and make the Royal ransomware group one of the most dangerous cybercriminal groups in the world," says Aivaras Vencevicius, head of product for NordLocker.

The Royal ransomware group was particularly active in November 2022, which was the first month the group appeared on the map. That month, it launched 29 attacks worldwide. From November 2022 to March 2023, the group carried out 106 ransomware attacks. Royal's targets spanned 18 countries, including the US, Canada, the UK, Australia, France, and Germany.

In the first quarter of 2023, Royal's ransomware attacks were primarily directed toward companies that had between 51 and 100 employees. However, the group targeted firms of all sizes, ranging from those with only one employee to enterprises with over 10,000. Despite being a relatively new ransomware group, Royal is already among the top three most notorious groups, with 26 attacks launched in March 2023 alone. In comparison, LockBit, the most infamous ransomware group, conducted 76 and AlphaVM (Blackcat) 28 attacks in the same month.

The demands for ransom by the Royal actors have ranged from $1 million to $11 million in Bitcoin.

Instruments to keep businesses safe

"Although we might think that cybersecurity is a very complex process, there are now very clear guidelines on how anyone can protect their business and money," says Aivaras Vencevicius, head of product for NorLocker. "Adopting proper file hygiene practices, regularly using encryption, and maintaining backups are critical cybersecurity measures that can mitigate the impact of a cyberattack. While these practices may not prevent a cyberattack altogether, the ability to restore data immediately can ensure business continuity, and encrypted files will be unreadable to hackers."

Here are measures that companies can take now to protect their business:

-Investing in cybersecurity training for employees can help prevent cybersecurity threats because 82% of cyberattacks are caused by human error. Regularly organizing cybersecurity training for all employees, along with a holistic approach that includes every member of the company, can be an effective cost-saving measure.
-Implementing and enforcing periodic data backup and restoration processes. An encrypted cloud might be the most secure solution. File hygiene and backups can't stop cyberattacks, but they give the company leverage.
-Updating software is a vital cybersecurity measure that prevents the exploitation of vulnerabilities caused by outdated software, which is commonly utilized by cybercriminals. It is essential to educate everyone in the company about the importance of keeping software up to date to minimize the risk of cyberattacks.
-Lastly, a zero-trust network access policy means that granting access to digital resources to staff members must only occur after verifiably confirming their identity. With this in place, organizations can be assured that their digital assets remain secure against internal and external cybersecurity threats.

Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened during the period between 01/01/2020 to 31/03/2023.

WeWork, 15 Bishopsgate P.O. Box 0834-02411, London, . P.O. Box 0834-02411 United Kingdom

Email viltare@nordsec.com

ABOUT NORDLOCKER
NordLocker, part of Nord Security, is an end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN - one of the most advanced VPN service providers in the world. NordLocker is available for Windows, macOS, and iOS, supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. With NordLocker, files are protected from hacking, surveillance, and data collection. For more information: nordlocker.com.

This release was published on openPR.