Royal ransomware adds Dallas, Texas to its victims

May 26, 2023

The Royal ransomware group has added the City of Dallas, Texas, to its list of recent cyberattack victims. The attack forced the city to shut down some of its systems to limit the attack's spread.

According to reports, Dallas' police communication and information technology systems went down earlier this week due to an alleged ransomware attack. The outage forced the 911 headquarters to write reports for officers by hand before deployment instead of using the digital dispatch system.

The city's county police department website was also inaccessible for some time due to security issues. Fortunately, it came back online shortly afterward.

A subsequent event in Dallas confirmed that Royal ransomware was behind the attack.

According to several sources, network printers across the city started printing ransom notes after the Royal ransomware attack. The city's IT department told employees to retain any printed notes, which allowed them to confirm the attackers' identity.

Many researchers claim that the Royal ransomware group is a subgroup of Conti that emerged after the latter gang's shutdown. The operation started to brand itself as Royal at the end of 2022 and quickly gained prominence after targeting numerous enterprises worldwide.

The group has typically used callback phishing to gain initial access to targeted networks, in addition to breaching networks through known vulnerabilities in internet-exposed devices.

Some of the callback phishing emails the actors used impersonated food delivery and software providers and posed as subscription renewals. Instead of links to phishing websites, the emails contain phone numbers the victim can call to cancel the fake subscription. These phone numbers connect to a service influenced by the Royal ransomware operators.

Once the victim calls the number, the ransomware actors use social engineering to urge the victim to install remote access software. This gives them access to the target's corporate network.
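The lure described above (a renewal notice that offers a phone number and no link) can be turned into a mail-triage heuristic. The following is an added example, not code from the article or from any vendor; the term list, the North American phone pattern, the two-term threshold and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed heuristics (not from the article): lure vocabulary, NANP-style phone format.
LURE = re.compile(r"\b(?:subscription|renew\w*|cancel\w*|invoice|charged?|refund)\b", re.I)
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL = re.compile(r"(?:https?://|www\.)\S+", re.I)

def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def score_callback_lure(raw_email):
    """Flag mail that pushes a phone call about a subscription and carries no link."""
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    terms = sorted({m.lower() for m in LURE.findall(text)})
    phones = PHONE.findall(text)
    urls = URL.findall(text)
    # Callback lures differ from ordinary phishing by the absence of any URL.
    flagged = len(terms) >= 2 and bool(phones) and not urls
    return {"terms": terms, "phones": phones, "urls": urls, "flagged": flagged}

# Constructed sample messages (555-01xx numbers are reserved for fiction).
CALLBACK = """From: billing@delivery-example.test
Subject: Your subscription renewal

Your premium subscription was renewed and your card was charged $349.99.
To cancel, call +1 (555) 010-0199 within 24 hours.
"""
LEGIT = """From: no-reply@vendor-example.test
Subject: Subscription renewal reminder

Your subscription renews next month. Manage it at https://vendor-example.test/account
"""
NOTE = """From: colleague@corp-example.test
Subject: Quick question

Call me at 555-010-0123 when you are free.
"""

if __name__ == "__main__":
    for name, sample in (("callback", CALLBACK), ("legit", LEGIT), ("note", NOTE)):
        print(name, score_callback_lure(sample))
```

A flagged message is a candidate for analyst review or a user warning banner, not a verdict: legitimate billing mail sometimes carries only a phone number.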

Like other ransomware groups, Royal is notorious for stealing data from networks before encrypting devices. The group uses the stolen information in extortion campaigns to pressure victims into meeting its demands. Lastly, the group leaks the stolen data if the target does not comply.
