Recently, ArmorPoint's analysts identified and neutralized a new threat from the notorious cybercriminal group known as the Royal Ransomware Group.

Identifying the Threat

In this case, ArmorPoint's analysts intercepted an unknown file that security researchers had not previously flagged. Despite the absence of a known threat score, ArmorPoint's Cybereason Ransomware Protection detected and prevented the ransomware's execution based on behavior rather than signature. By closely analyzing the process and identifying behaviors typical of ransomware, ArmorPoint's team swiftly quarantined the threat. The file was then added to the known malware blocklist, bolstering future defenses against similar attacks.

The Importance of Comprehensive Device Protection

Through investigating the network traffic logs, ArmorPoint discovered that the malicious activity originated from a device belonging to the customer that was connected to the network and joined to the company domain, but had no monitoring or protection services installed. This incident highlights the importance of ensuring that every device within an organization is accounted for and equipped with robust security measures. Neglecting even a single device exposes an organization to potential breaches and weakens its overall security posture.

The Risks of Unsupported Systems

Further analysis of the incident found that other devices were also affected by the Royal Ransomware attack. These affected devices, predominantly older servers and workstations, were running unsupported operating systems and lacked monitoring or protection services. This serves as a vital reminder of the importance of regularly applying security patches on all systems, with special attention to devices running End-of-Life or unsupported software. Failing to maintain up-to-date systems leaves organizations susceptible to exploits targeting known vulnerabilities.
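The two gaps described above (a domain-joined device with no protection agent, and older hosts on unsupported operating systems) are both findable before an incident by reconciling the domain's computer inventory against the endpoint protection console's agent list. The following is an added example, not ArmorPoint's tooling or the customer's data: the device lists, the End-of-Life prefix table, the staleness threshold and the field names are all constructed assumptions standing in for an Active Directory export and an EDR console export.

```python
"""
Asset-coverage reconciliation (added example, not ArmorPoint's code).

Cross-references a domain computer inventory with the list of hosts
reporting to an endpoint protection (EDR) console, then flags:
  - domain-joined devices with no agent at all
  - devices whose agent has stopped reporting (stale)
  - devices running an operating system on an End-of-Life list
All sample data below is constructed for illustration.
"""
from dataclasses import dataclass

# Constructed sample: computer objects as exported from the domain (assumed fields)
DOMAIN_COMPUTERS = [
    {"hostname": "WS-FINANCE-01", "os": "Windows 10 22H2"},
    {"hostname": "WS-RECEPTION", "os": "Windows 7 SP1"},
    {"hostname": "SRV-FILE-01", "os": "Windows Server 2008 R2"},
    {"hostname": "SRV-APP-02", "os": "Windows Server 2019"},
    {"hostname": "LAPTOP-CONTRACTOR", "os": "Windows 10 22H2"},
]

# Constructed sample: hosts reporting to the EDR console (assumed fields)
EDR_AGENTS = [
    {"hostname": "ws-finance-01", "last_seen_hours": 1},
    {"hostname": "srv-app-02", "last_seen_hours": 2},
    {"hostname": "laptop-contractor", "last_seen_hours": 240},  # not checked in for 10 days
    {"hostname": "srv-legacy-db", "last_seen_hours": 5},        # reports in but is not in the domain export
]

# Assumed End-of-Life list (prefix match); keep this in sync with vendor lifecycle pages.
EOL_OS_PREFIXES = ("Windows 7", "Windows 8.1", "Windows Server 2008", "Windows Server 2012")

# Assumed threshold: an agent silent longer than this is treated as not protecting the host.
STALE_HOURS = 72


@dataclass
class CoverageFinding:
    hostname: str
    issues: tuple  # e.g. ("no-edr-agent", "eol-os")


def reconcile(domain_computers, edr_agents,
              eol_prefixes=EOL_OS_PREFIXES, stale_hours=STALE_HOURS):
    """Return one CoverageFinding per domain device with at least one gap.

    Hostname matching is case-insensitive because directory and EDR
    exports commonly disagree on case.
    """
    agents = {a["hostname"].lower(): a for a in edr_agents}
    findings = []
    for dev in domain_computers:
        issues = []
        agent = agents.get(dev["hostname"].lower())
        if agent is None:
            issues.append("no-edr-agent")
        elif agent["last_seen_hours"] > stale_hours:
            issues.append("edr-agent-stale")
        if dev["os"].startswith(eol_prefixes):
            issues.append("eol-os")
        if issues:
            findings.append(CoverageFinding(dev["hostname"], tuple(issues)))
    return findings


def orphan_agents(domain_computers, edr_agents):
    """Hosts reporting to the EDR console that the domain inventory does not know about.

    These are not a protection gap, but they show the inventory itself is
    incomplete, which is the root cause behind unmonitored devices.
    """
    known = {d["hostname"].lower() for d in domain_computers}
    return sorted(a["hostname"] for a in edr_agents if a["hostname"].lower() not in known)


if __name__ == "__main__":
    for f in reconcile(DOMAIN_COMPUTERS, EDR_AGENTS):
        print(f"{f.hostname:20s} {', '.join(f.issues)}")
    print("not in domain inventory:", orphan_agents(DOMAIN_COMPUTERS, EDR_AGENTS))
```

Run against real exports, the two lists would come from the directory (for example an LDAP or PowerShell computer-object export) and from the protection console's device API; the reconciliation logic stays the same. A device that appears in the first output with `no-edr-agent` is exactly the kind of host that was missed in the incident above, and `eol-os` hits are the candidates for isolation or decommissioning until they can be replaced.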

Enhancing Defense Strategies

Following this incident, ArmorPoint conducted an in-depth analysis of the tactics, techniques, and procedures used by the attackers. Armed with this knowledge, ArmorPoint bolstered its defenses by adding new monitoring rules based on the lessons learned from this incident. This proactive approach ensures that future attacks using similar tactics will be swiftly detected and thwarted, further strengthening the overall security posture of organizations under ArmorPoint's protection.

About ArmorPoint

ArmorPoint, LLC is a managed cybersecurity solution that combines the three pillars of a robust cybersecurity program — people, processes, and technology — into a single solution. Designed by cybersecurity experts, ArmorPoint’s cloud-hosted SIEM technology and extended detection and response capabilities enable businesses to implement a highly-effective, scalable cybersecurity program. With customizable pricing available, every ArmorPoint plan offers a dynamic level of managed security services that support the risk management initiatives of all companies, regardless of available budget, talent, or time. ArmorPoint is developed and powered by Trapp Technology, Inc., a Phoenix-based IT managed services provider. To learn more about ArmorPoint, visit
Ashley Capps

Chief Marketing Officer, Trapp Technology and ArmorPoint