‘Royal’ ransomware attacks health & education sectors, cyber alert issued
New Delhi: The Indian cyber security agency has issued a warning against the "Royal ransomware" virus, which attacks critical sectors like communications, healthcare and education, as well as individuals, and demands payment in Bitcoin in exchange for not leaking personal data in the public domain.
The Indian Computer Emergency Response Team, or CERT-In, has stated in its latest advisory that this internet-spread ransomware sneaks in through phishing emails, malicious downloads, abuse of RDP (Remote Desktop Protocol) and other forms of social engineering. This ransomware, cyber experts told PTI, was first detected in January 2022 and became active sometime around September last year, even as the US authorities issued advisories against its spread.
"Royal ransomware is targeting multiple crucial infrastructure sectors, including manufacturing, communications, healthcare, education, etc. or individuals. The ransomware encrypts the files on a victim's system and attackers ask for ransom payment in bitcoin," the advisory said.
"Attackers also threaten to leak the data in public domain if denied payment," the advisory said.
CERT-In is the federal technology arm tasked with combating cyber attacks and guarding cyberspace against phishing, hacking assaults and similar online attacks. The advisory said the "threat actors have followed many tactics to mislead victims into installing the remote access software as a part of callback phishing, where they pretend to be various service providers."
The ransomware infects "using a specific approach to encrypt files depending on the size of the content."
The lethality of this virus can be gauged from the fact that, before it starts encrypting the data it attacks, the ransomware checks the state of the targeted files and deletes shadow copies to "prevent recovery" through service.