"Microsoft: Royal Ransomware Group Using Google Ads in Campaign"

According to a new report from Microsoft's Security Threat Intelligence team, the Royal Ransomware group used Google Ads in one of their attack campaigns. The ransomware, which first appeared in September and claimed a number of victims, including one of the most popular motor racing circuits in the UK, is being distributed by multiple threat actors. The researchers said they discovered a "malvertising" campaign in late October in which the hackers, tracked as DEV-0569, used Google Ads to redirect users to a download site with malicious files. Microsoft stated that it reported the traffic distribution system abuse to Google. According to the researchers, DEV-0569 heavily relies on malvertising, phishing links that point to a malware downloader posing as software installers or updates embedded in spam emails, fake forum pages, and blog comments. Microsoft security researchers have noticed changes in the group's delivery methods over the last few months. These changes include the use of contact forms on targeted organizations' websites to deliver phishing links, the hosting of fake installer files on legitimate-looking software download sites and legitimate repositories to make malicious downloads appear authentic to targets, and the expansion of their malvertising technique by using Google Ads in one of their campaigns, effectively blending in with normal ad traffic. According to Microsoft, the methods allow the group to reach more targets and expand its victim base. This article continues to discuss new findings regarding the Royal Ransomware group.

The Record reports "Microsoft: Royal Ransomware Group Using Google Ads in Campaign"