CISA Advisory

Royal Ransomware Threat Profile

AA23-061A • Published March 2, 2023

Severity: high

Royal is ransomware run by experienced hackers from a previous gang called Conti. They call victims pretending to be tech support to trick them into installing malware. Their ransom demands often exceed $1 million.

Overview

This advisory covers the Royal ransomware group, believed to comprise former Conti members. Royal uses callback phishing, disables security software, and has demanded ransoms from $1 million to $11 million.

Who Is At Risk

  • Manufacturing sector
  • Healthcare organizations
  • Education institutions
  • Government agencies
  • Critical infrastructure

Immediate Actions

  1. Train users on callback phishing
  2. Protect antivirus from tampering
  3. Monitor for disabled security tools
  4. Segment critical systems
  5. Implement immutable backups

Official Source

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
