The information below is for your information only. Always be alert and safe.
The Queensland Department of Education has been made aware of a ransomware variant called Royal.
What is ransomware?
Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files so you can no longer access them. A ransom (money) is demanded to return access to the sensitive files. Cybercriminals might also demand a ransom to prevent data and intellectual property from being published or sold online.
Royal ransomware key points:
- Royal ransomware has been successfully used by cybercriminals to compromise at least 70 organisations worldwide, including Australian critical infrastructure and, notably, an educational institution.
- It restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the threat actors after encryption.
- This ransomware implements a 'double extortion' technique: the threat actors upload samples of victim data stolen in the attack and threaten to sell and/or release additional information if their ransom demands are not met.
- A range of vectors are used to gain initial access into victim networks.
Remain vigilant for suspicious communication attempts and think carefully before you click on a link, open an unexpected attachment or download software.
Royal ransomware tactics being used:
Cybercriminals deploying Royal ransomware use a range of techniques including phishing, social engineering and exploitation of unpatched vulnerabilities.
Confirmed tactics include:
- Callback phishing – where victims are tricked into taking action, such as returning a phone call or opening an email attachment. When victims call the number from the phishing message, they are persuaded to install malicious remote access software.
- Making malicious downloads appear authentic on legitimate software download sites
- Using Google Ads in a campaign to blend in with normal ads
- Using contact information located on an organisation's website to distribute phishing links
- Exploiting known vulnerabilities or common security misconfigurations
Report any suspicious communication immediately
If you receive any suspicious or unsolicited communication with links or attachments, whether that is from trusted or unknown sources.