"Royal Ransomware Puts Novel Spin on Encryption Tactics"

The Royal ransomware gang is demonstrating sophisticated tactics such as partial and rapid encryption, which researchers believe may reflect the years of experience its members gained as leaders of the now-defunct Conti Group. Royal ransomware appears to operate globally and independently. The group does not appear to employ affiliates through Ransomware-as-a-Service (RaaS) or to target a specific sector or country. It is known to demand up to $2 million in ransom and claims to have published 100 percent of the data extracted from its victims.

Researchers from the Cybereason Security Research & Global SOC Team reported that further analysis of how the Royal ransomware group works reveals an innovative group with varied ways to deploy ransomware and evade detection, so that it can do significant damage before victims can respond. Partial encryption, which locks up only a predetermined portion of a file's content rather than all of it, is a key aspect of Royal's tactics. While partial encryption is not a new tactic, it is critical to Royal's strategy, and according to the researchers the group has taken it to a level not seen in ransomware activity before. Royal has recently expanded the concept by basing the tactic on flexible-percentage encryption that can be tailored to the target, making detection more difficult, according to the Cybereason researchers. The group also uses multiple threads to accelerate the encryption process, giving victims less time to stop it once it begins, and the encryption starts and deploys in different ways, which further complicates detection. This article continues to discuss new observations surrounding the Royal ransomware gang.
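To illustrate why partial encryption complicates detection, the following added example (not from the article or the Cybereason research) compares a whole-file entropy check with a per-block check on constructed data. The 4096-byte block size, the 7.5 bits-per-byte threshold, and the sample buffers, which use pseudo-random bytes as a stand-in for encrypted regions, are all assumptions.

```python
import math
import random
from collections import Counter

BLOCK = 4096   # assumed scan granularity in bytes
HIGH = 7.5     # assumed bits-per-byte threshold for "looks encrypted"

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_fraction(data: bytes) -> float:
    """Fraction of BLOCK-sized chunks whose own entropy reaches HIGH."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    if not blocks:
        return 0.0
    return sum(entropy(b) >= HIGH for b in blocks) / len(blocks)

def make_sample(total_blocks: int, random_blocks: int, seed: int = 1) -> bytes:
    """Constructed test data: log-like text with evenly spaced blocks of
    pseudo-random bytes standing in for encrypted regions."""
    rng = random.Random(seed)
    text = (b"2023-01-05 12:00:00 INFO service heartbeat ok\n" * 100)[:BLOCK]
    stride = total_blocks // random_blocks if random_blocks else 0
    out, placed = [], 0
    for i in range(total_blocks):
        if stride and i % stride == 0 and placed < random_blocks:
            out.append(bytes(rng.getrandbits(8) for _ in range(BLOCK)))
            placed += 1
        else:
            out.append(text)
    return b"".join(out)

def assess(data: bytes) -> dict:
    """Compare the whole-file check with the per-block check."""
    whole = entropy(data)
    frac = high_entropy_fraction(data)
    return {"whole_file_entropy": round(whole, 2),
            "whole_file_flagged": whole >= HIGH,
            "high_entropy_fraction": frac,
            "per_block_flagged": frac > 0.0}

if __name__ == "__main__":
    for pct in (0, 10, 50, 100):
        print(pct, assess(make_sample(100, pct)))
```

Compressed and media formats are also high-entropy, so the per-block fraction is a triage signal to combine with other telemetry such as file-type baselines and write rates, not a verdict on its own.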

Dark Reading reports "Royal Ransomware Puts Novel Spin on Encryption Tactics"

Submitted by Anonymous on