We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Royal Ransomware Targeting Critical Infrastructure

By Husain Parvez, Cybersecurity Researcher. Published on 8th March 2023.

The latest Cybersecurity Advisory from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) highlights the looming threat of the Royal ransomware targeting critical infrastructure. A new variant of Royal ransomware has affected organizations in the US and abroad since September last year.

In the joint statement, the FBI and CISA noted that the ransomware variant had been identified as active as recently as January 2023. The custom variant relies on the Zeon loader and uses its own custom-made file encryption program. After gaining access to the victim’s network, it disables the antivirus software and exfiltrates large amounts of data before ultimately deploying the ransomware and encrypting the systems.

US federal agencies revealed that the ransomware has targeted critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public health (HPH), and education. To help organizations detect the Royal ransomware, the FBI and CISA shared Indicators of Compromise (IOCs) in their advisory, including a list of IP addresses, tools, and file extensions used by the threat actors.

Based on the incidents observed and studied by federal agencies, the hackers do not demand a ransom or provide payment instructions as part of the initial ransom note. Instead, the ransom note requires victims to interact directly with the threat actor over the dark web. Although the total ransom the Royal threat actors have been able to amass is unclear, they have demanded amounts ranging from approximately $1 million to $11 million USD, all in Bitcoin.

Royal ransomware variants can infect both Windows and Linux operating systems and were responsible for 19 attacks in February 2023, according to research gathered by Malwarebytes. The FBI and CISA advise that businesses and companies should keep all software up to date, ensure all passwords follow the National Institute of Standards and Technology (NIST) standards, enable multi-factor authentication, and follow all other points made in their latest Cybersecurity Advisory.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.
