Royal Ransomware Group Behind Evans Consoles Data Breach


Evans Consoles Corporate, a business that designs, equips, and supports mission-critical operations systems, was allegedly breached by the Royal ransomware group. Not much is known about the impact on the users and the data accessed during the incident.

The Cyber Express reached out to Evans Consoles but is yet to receive a response from them.


Screenshot of the leak site post (Photo: Dominic Alvieri)

Cybersecurity researcher Dominic Alvieri tweeted an update sharing a note posted by the hacker collective. The note does not mention the amount of data stolen, the ransom demanded, or a payment deadline.

The control room console manufacturer provides furniture designed around the ergonomic requirements of operators, and is thus expected to hold client databases belonging to various enterprises.

Royal ransomware group

The Royal ransomware group was first reported in January 2022. Its members were found to have been drawn from several other groups, including the Conti ransomware group, TrickBot, and Roy.

The group has a private coding infrastructure, unlike some others that operate as ransomware-as-a-service (RaaS).

The group seeks ransoms ranging from $250,000 to over $2 million, a report by Kroll noted. The Royal ransomware group has also begun targeting Linux-based systems, whereas it previously focused on Windows systems.

They have been known to contact targets using callback phishing scams, in which the gang's phone number is sent via email. The email urges the recipient to call the number to resolve a supposed dispute about a 'subscription.'

Hence, users, especially employees of organizations, are urged not to call back numbers provided in emails about a product, service, or subscription that they have no reason to call about or have never used at all.

The Royal ransomware group has also often been known to abuse Google Ads to reach targets and deliver malware.

The United States Health Sector Cybersecurity Coordination Center (HC3) has warned users about the group's modus operandi and its targeting of the healthcare and education sectors.

The HC3 analyst note highlighted that the group deploys Cobalt Strike to maintain persistence during the cyberattack, steals login credentials, and moves laterally across systems to infect more devices and expand the number of targets.
