[CDP-development] CISA and FBI Cyber Advisory – #StopRansomware: Royal Ransomware
Masse, Theresa
theresa.masse at cisa.dhs.gov
Thu Mar 2 10:17:02 PST 2023
FYSA
As the Nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI), published a joint Cybersecurity Advisory (CSA) with recommended actions and mitigations to protect against Royal ransomware<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a> used by threat actors. Attacks have spread across numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education.
The advisory includes known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that were identified through FBI investigations as recently as January 2023. According to third-party reporting, Royal actors most commonly gain initial access through phishing emails and secondly by Remote Desktop Protocol (RDP) compromise; FBI observed the exploitation of public-facing applications. Other trusted third-party reports indicate a tendency to leverage brokers to gain initial access, and source traffic by mining virtual private network (VPN) credentials from stealer logs.
Actions that organizations can take today to mitigate the ransomware cyber threat include: prioritize remediating known exploited vulnerabilities, train users to recognize and report phishing attempts, and enable and enforce multifactor authentication with strong passwords. With contributions from Coveware, Q6, RedSense, Digital Asset Redemption, and Recorded Future, CISA and the FBI encourage network defenders to review the advisory and implement the recommended mitigations in the advisory to limit potential adversarial techniques and reduce the risk of compromise by Royal ransomware.
This joint CSA is part of an ongoing #StopRansomware<https://www.cisa.gov/stopransomware> effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. It is available on stopransomware.gov, along with other advisories on the ransomware threat and no-cost resources. With our partner agencies, CISA is committed to helping organizations protect against all cyber threats through information sharing, services, and resources.
Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov