Flashback to late April, the main concern for the City of Dallas was whether or not #1 draft pick Mazi Smith would be enough to stop Jalen Hurts from running all over the Cowboys this Fall. Flashforward a week later and the only thing the City of Dallas was worried about stopping was the ransomware that had impacted city services including the police department and 9-1-1.
In light of Dallas finally admitting (3 months later) that over 27,000 people had their sensitive data exposed along with over $8.5 million dollars being spent, lets look at the ransomware group that raised such havoc in the Big D- the group would be known as Royal.
Royal splashed onto the scene back in 2022. They are suspected to be made up of members of the now defunct Russian ransomware gang- Conti. Their most notable way of attack is through a strategy known as callback phishing. A method where a threat actor sends a person an email detailing a fake problem (i.e. your package can’t be delivered or do you want to cancel your subscription before you get billed). The recipient is like “no way do I want to pay for a subscription to Colossal Cake of the Month”, they click the link in the email (or call the number provided), follow the instructions given and BOOM they now have remote access malware loaded on their PC.
The threat actor later capitalizes on the remote access looking at the PC for valuable or sensitive data. They then use the PC to complete a lateral discovery throughout the connected network looking for vulnerabilities they can capitalize on. Think of it as having a crazy awesome security system that keeps people out of your house but before you go to bed your nephew shuts it down quick to let a solicitor in to hang out as you sleep.
Royal tends to enjoy a two-way ransom attack on victims. First encrypting the data so it is useless, inaccessible and therefore shutting down operations. Second, they threaten to expose the sensitive data if you don’t give them their bag of cash.
Royal is heavily funded with loads of experience. They are considered a high-level threat to enterprises across all verticals. To protect against such threats, organizations need to allocate resources and build a multi-facet security system that monitors 24x7. Contact Kansas City Cyber today and we can establish a strong effective defense strategy for your environment. #callbackphishing #ransomwareattack #protectyourself
Comentarios