Indian Government Issues Cyber Alert on 'Royal' Ransomware
India's cyber security agency has issued an alert for ‘Royal’ ransomware, which specifically targets crucial sectors in India such as health, communication, and education. It also targets individuals, and the attackers seek payment in Bitcoin in return for not revealing personal data and information on public platforms.
One of India's important agencies, the Indian Computer Emergency Response Team (CERT-In), has said in a notice that the ransomware is spreading over the internet through phishing emails, unwitting downloads, RDP abuse, and other forms of social engineering.
The agency first recognized this virus last year, in January 2022, and it peaked sometime around September last year. The US authority has also issued a warning advisory against its reach.
“Royal ransomware is targeting multiple crucial infrastructure sectors, including manufacturing, communication, healthcare, education, etc., or individuals. The ransomware encrypts the files on a victim’s system and attackers ask for a ransom payment in bitcoin,” the advisory reads.
The advisory adds: “Attackers also threaten to leak the data in the public domain if denied payment.”
The advisory further states that “threat actors have followed many tactics to mislead victims into installing the remote access software as a part of callback phishing, where they pretend to be various service providers.” The virus infects “using a specific approach to encrypt files depending on the size of the content,” it says, adding: “It will divide the content into two segments i.e. encrypted and unencrypted. The malware may choose a small amount of data from a large file to encrypt so as to increase its chance of avoiding caution or detection. It adds 532 bytes at the end of the encrypted file for writing randomly generated encrypted key, the file size of the encrypted file, and encryption percentages parameter,” CERT-In said.
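Because only part of a large file is encrypted, a single entropy measurement over the whole file can stay low and miss it. The following triage sketch is an added example, not code from the advisory or from CERT-In: it measures entropy per block and reports what share of the file looks random. The block size, thresholds and sample file are assumptions constructed here; only the 532-byte trailer length comes from the advisory.

```python
import hashlib
import math
from collections import Counter

TRAILER_LEN = 532    # trailer size stated in the advisory
BLOCK = 4096         # analysis window; an assumption of this example
HIGH_ENTROPY = 7.5   # bits per byte; assumed threshold, compressed data also exceeds it

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def encrypted_fraction(blob: bytes) -> float:
    """Share of whole body blocks that look random, with the trailer excluded."""
    body = blob[:-TRAILER_LEN] if len(blob) > TRAILER_LEN else blob
    blocks = [body[i:i + BLOCK] for i in range(0, len(body) - BLOCK + 1, BLOCK)]
    if not blocks:
        return 0.0
    return sum(entropy(b) >= HIGH_ENTROPY for b in blocks) / len(blocks)

def looks_partially_encrypted(blob: bytes, low: float = 0.05, high: float = 0.95) -> bool:
    """True when some, but not all, blocks are random-looking (triage hint only)."""
    return low <= encrypted_fraction(blob) <= high

def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic random-looking bytes that stand in for ciphertext."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def build_sample(total_blocks: int = 20, encrypted_blocks: int = 2) -> bytes:
    """Constructed test file: random-looking head, plain-text rest, 532-byte trailer."""
    text = (b"Quarterly report: revenue, costs and headcount by region.\n" * 100)[:BLOCK]
    body = pseudo_random(encrypted_blocks * BLOCK, b"body") + text * (total_blocks - encrypted_blocks)
    return body + pseudo_random(TRAILER_LEN, b"trailer")

if __name__ == "__main__":
    sample = build_sample()
    print(f"whole-file entropy: {entropy(sample):.2f} bits/byte")
    print(f"random-looking blocks: {encrypted_fraction(sample):.0%}")
    print("partial encryption suspected:", looks_partially_encrypted(sample))
```

A file that is random-looking throughout, such as a compressed archive, is deliberately not flagged by this heuristic, so it complements rather than replaces a whole-file check.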
The authority suggested some updates to regulation to put counter-measures and internet hygiene protocols in place that protect against this ransomware attack and others like it.