์ํ ํ๊ฐ : Royal Ransomware
Royal Ransomware๊ฐ 2022๋ 9์๋ถํฐ ๊ด์ฐฐ๋ ์ด๋๋ก ์ค์ํ ์ธํ๋ผ, ํนํ ์๋ฃ ์๋น์ค๋ฅผ ๊ณต๊ฒฉํ๋ ๊ฐ์ธ ๊ทธ๋ฃน์ผ๋ก ๊ตฌ์ฑ๋์์ผ๋ฉฐ, Batloader ๊ฐ์ผ์ ํตํด ํํํ๊ณ SEO ์ค๋ ์ ํตํด ํผ์ ธ ์์ต๋๋ค. ELF ๋ณํ์ ๊ฐ๋ฐํ์ฌ Linux ๋ฐ ESXI ํ๊ฒฝ์ ์ํฅ์ ๋ฏธ์น๊ณ , RSA ๊ณต๊ฐ ํค ๋ฐ ๋์ฌ์จ์ด ๋ ธํธ๋ฅผ ํฌํจํ ๋ฌธ์์ด์ ์ผ๋ฐ ํ ์คํธ๋ก ์ ์ฅ๋ฉ๋๋ค. Cortex XDR์ ๋์ฌ์จ์ด ๊ทธ๋ฃน๊ณผ ์ฐจ์ธ๋ ๋ฐฉํ๋ฒฝ์ ์ฐ๋ถ ํด๋ผ์ฐ๋ ์ ๊ณต ๋ณด์ ์๋น์ค๋ฅผ ์ด์ฉํ์ฌ ๋ณดํธํ๊ณ , ์ฌ์ ํ๊ฐ๋ฅผ ์ ๊ณตํ์ฌ ํํ์ ๋๊ณ ์ํ์ ๋ฎ์ถ ์ ์์ต๋๋ค.
Threat Assessment: Royal Ransomware
Since Royal Ransomware has been observed since September 2022, it has been composed of important infrastructure, especially individual groups that attack medical services, compromised through Batloader infections and spread through SEO addiction.It develops ELF deformation and affects Linux and ESXI environments, and strings including RSA public and ransomware notes are stored in regular text.Cortex XDRโs ransomware groups and forest fires of next -generation firewalls can be protected to protect and provide preliminary evaluations to help compromise and lower risks.