URL: https://www.trendmicro.com/en_ca/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html
Ransomware
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback
Phishing Attacks


From September to December, we detected multiple attacks from the Royal
ransomware group. In this blog entry, we discuss findings from our investigation
of this ransomware and the tools that Royal ransomware actors used to carry out
their attacks.

By: Ivan Nicole Chavez, Byron Gelera, Monte de Jesus, Don Ovid Ladores,
Khristian Joseph Morales
December 21, 2022
Read time: 6 min (1695 words)

--------------------------------------------------------------------------------

Royal ransomware may have been first observed by researchers around September
2022, but it has seasoned cybercriminals behind it: The threat actors running
this ransomware — who used to be a part of Conti Team One, according to a mind
map shared by Vitali Kremez — initially dubbed it Zeon ransomware, until they
rebranded it to Royal ransomware. From September to December this year, we have
detected multiple attacks from Royal ransomware, with the US and Brazil being
the most targeted countries (Figure 1). This blog entry discusses in depth the
findings from our investigation of samples of this new piece of ransomware, as
well as the tools that Royal ransomware actors used to carry out their attacks.

Figure 1. Percentage of Royal ransomware attacks by country


INFECTION ROUTINE

External reports mention that the Royal ransomware group uses callback phishing
as a means of delivering their ransomware to victims (Figure 2). These phishing
attacks contain a number that leads to a service hired by the threat actors.
When contacted, they will use social engineering tactics to lure victims into
installing remote access software.

Figure 2. Royal ransomware’s attack flow


INSTALLATION

Our investigation found that the ransomware actors used a compiled remote
desktop malware to drop the tools they needed to infiltrate the victim’s
system: they used QakBot and Cobalt Strike for lateral movement, while NetScan
was used to look for remote systems connected to the network. Once they had
infiltrated the system, the ransomware actors used tools such as PCHunter,
PowerTool, GMER, and Process Hacker to disable any security-related services
running on it. They then exfiltrated the victim’s data with the RClone tool. We
also observed an instance in which they used AdFind to query Active Directory,
then executed RDPEnable on the infected machine.


PAYLOAD

Once everything had been set up, the ransomware actors used PsExec to execute
the malware. The PsExec commands contain the ID of the victim, along with any
argument that the actors applied to the ransomware. There were also instances of
the malware actors using PsExec to enable the remote desktop protocol (RDP) of a
target system before executing the ransomware.


ANALYSIS

In part of our analysis, we used a ransomware sample with the detection name
Ransom.Win64.YORAL.SMYXCJCT. As shown in Table 1, Figure 3, and Figure 4, Royal
ransomware requires an argument of “-id {32-byte characters}” to execute on a
victim’s machine. It also accepts “-path” to specify a target file for
encryption and “-ep {value}” to calculate the partial file encryption of large
files.

In some earlier samples of the ransomware, the binary wouldn’t parse all the
arguments due to a bug in the code. For example, “-path” won't be processed if
provided after the "-id" argument; if provided before, there will be no "-id"
argument, so it will not proceed.

Argument                   Description
-path {target path}        If provided, only the contents of the target path
                           are encrypted
-id {32-byte characters}   Used as the victim’s ID, which is appended to the
                           TOR link in the dropped ransom note. The process
                           exits if the argument is not provided or if the
                           value provided is not 32 bytes long
-ep                        Selects the full or partial encryption file routine

Table 1. Arguments accepted by the Royal ransomware binary

Figure 3. Arguments accepted by the ransomware binary
Figure 4. Checking if length of provided “-id” is 32 bytes

It enumerates files and directories for encryption using FindFirstFileW,
FindNextFileW, and FindClose APIs (Figure 5).

Figure 5. File enumeration

The ransomware looks for available network shares for network encryption by
listing accessible local IPs, then uses NetShareEnum and attempts to connect on
ADMIN$ and IPC$ shares (Figure 6).

Figure 6. Looking for accessible local IPs then trying to connect to ADMIN$ and
IPC$

It checks the number of processors in the infected system and uses it as the
basis for the number of concurrent threads that run file encryption, as shown in
Figure 7. By doing so, Royal ransomware significantly increases the speed of its
file encryption process.

Figure 7. Checking the number of processors

Royal ransomware inhibits system recovery by deleting shadow copies (Figure 8)
through the following command:

C:\Windows\System32\vssadmin.exe delete shadows /all /quiet

Figure 8. Using vssadmin.exe to delete shadow copies
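The behaviours described so far (execution through PsExec, the mandatory "-id" argument with a 32-character value, and shadow-copy deletion with vssadmin) are all visible in process-creation telemetry. The following Python is an added example, not code from this post or from Trend Micro: it runs three simple rules over constructed process-creation events. The event schema (parent, image, cmdline), the sample events and the use of PsExec's service binary name PSEXESVC.exe as the parent check are assumptions for illustration.

```python
import re

# Constructed process-creation events for illustration; none come from a real
# incident. The field names (parent, image, cmdline) are an assumed log schema.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\alice\notes.txt"},
    {"parent": r"C:\Windows\PSEXESVC.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"parent": r"C:\Windows\PSEXESVC.exe",
     "image": r"C:\Temp\update.exe",
     "cmdline": "update.exe -id 0123456789abcdef0123456789abcdef -ep 50"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},
]

# vssadmin invoked to delete shadow copies (Figure 8); "list shadows" is benign.
SHADOW_DELETE_RE = re.compile(
    r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.IGNORECASE)
# "-id" followed by exactly 32 non-whitespace characters (Table 1, Figure 4).
ROYAL_ID_RE = re.compile(r"(?:^|\s)-id\s+(\S{32})(?=\s|$)")


def shadow_copy_deletion(ev):
    return SHADOW_DELETE_RE.search(ev["cmdline"]) is not None


def royal_id_argument(ev):
    return ROYAL_ID_RE.search(ev["cmdline"]) is not None


def launched_via_psexec(ev):
    # Assumption: PsExec runs remote commands through its service binary,
    # PSEXESVC.exe, so it shows up as the parent of the launched process.
    return ev["parent"].lower().endswith("psexesvc.exe")


RULES = {
    "shadow_copy_deletion": shadow_copy_deletion,
    "royal_id_argument": royal_id_argument,
    "psexec_parent": launched_via_psexec,
}


def triage(events):
    """Return (event index, [matching rule names]) for every event that hits."""
    findings = []
    for i, ev in enumerate(events):
        hits = [name for name, rule in RULES.items() if rule(ev)]
        if hits:
            findings.append((i, hits))
    return findings


if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["cmdline"], "->", ", ".join(hits))
```

Events that match more than one rule (a PsExec-launched vssadmin deletion, or a PsExec-launched binary carrying the 32-character "-id" value) are the ones worth escalating first; "vssadmin list shadows" from an interactive shell deliberately matches nothing.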

The ransomware encrypts files using OpenSSL’s Advanced Encryption Standard
(AES). It will encrypt the AES key and IV with RSA encryption using the embedded
RSA public key (Figure 9). The RSA-encrypted AES key and IV will be appended on
each encrypted file (Figure 10).

Figure 9. An RSA public key
Figure 10. Generation of AES Key and IV

The malicious actors behind Royal ransomware use a form of intermittent
encryption to speed up the encryption process: the ransomware first checks
whether the file size is divisible by 16, which is a requirement for AES (Figure
11). If not, it rounds the total size up until it is divisible by 16. For
example, if the size is 18, it appends zero bytes to the file until it has a
size of 32, which is divisible by 16. Aside from the zero bytes needed for
padding, it also appends an extra 0x210 zero bytes as a placeholder for the
appended RSA-encrypted key.

Figure 11. Royal ransomware checking if file size is divisible by 16

For a file size that has been rounded-up, Royal ransomware will check if the
size is less than or equal to 5,245,000 bytes or if the value is set to 100
(0x64), as shown in Figure 12. If the file size is within these limits, it will
encrypt the entire file. For files greater than 5,245,000 bytes, file encryption
will take place per certain calculated blocks: for example, it will encrypt
first N bytes, then skip the next N bytes, then encrypt the next N bytes, and so
on.

Figure 12. Encryption process and calculation

Its calculation of N bytes is as follows:

N = (X / 10) * (original file size / 100) & 0xFFFFFFF0

 * where X is the value set before encryption
 * X is either 0x32 (50) or 0x64 (100)
 * This value is also used as the indicator of whether full or partial
   encryption will be performed on the file

For example, for a file with a file size equal to 5,245,000:

N = (50 / 10) * (5,245,000 / 100) & 0xFFFFFFF0 = 0x40060 (262,240)

If the calculated N is greater than 1,024,000, it will simply encrypt per
1,024,000 block instead (Figure 13).

Figure 13. Condition if N is greater than 1,024,000

The encrypted file’s structure would then be as follows (Table 2):

Description                                                   Size
Encrypted file contents                                       Rounded-up file size
                                                              divisible by 16
RSA-encrypted key                                             0x200 bytes
Size of encrypted file / offset address of RSA-encrypted key  8 bytes
X value, 0x64 or the provided value (usually 0x32);           8 bytes
indicator of full or partial encryption

Table 2. An encrypted file’s structure
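The block-size calculation, the 5,245,000-byte full-encryption threshold, the 1,024,000-byte cap and the Table 2 trailer layout together determine which byte ranges of a ".royal" file were actually encrypted, which matters when assessing what can be recovered from a partially encrypted file. The Python below is an added example, not code from this post or from Trend Micro: it implements that calculation and a trailer parser for the layout in Table 2, and runs it over a synthetic file it constructs itself. The little-endian encoding of the two 8-byte trailer fields, the integer arithmetic in the N formula and the all-zero stand-in for the RSA blob are assumptions; the post does not state them.

```python
import struct

RSA_BLOB_SIZE = 0x200                  # Table 2: RSA-encrypted AES key and IV
TRAILER_SIZE = RSA_BLOB_SIZE + 8 + 8   # the 0x210 bytes appended after the contents
FULL_ENCRYPTION_LIMIT = 5_245_000      # at or below this size the whole file is encrypted
MAX_BLOCK = 1_024_000                  # N is capped here (Figure 13)
X_FULL = 0x64                          # 100: full encryption
X_PARTIAL = 0x32                       # 50: partial encryption


def round_up_16(size):
    """Pad the size to the next multiple of 16, as the AES routine requires."""
    return (size + 15) & ~0xF


def block_size_n(x, padded_size):
    """N = (X / 10) * (size / 100) & 0xFFFFFFF0, capped at 1,024,000.
    Assumption: integer division, as a compiled routine would do it."""
    n = ((x // 10) * (padded_size // 100)) & 0xFFFFFFF0
    return min(n, MAX_BLOCK)


def encrypted_ranges(x, padded_size):
    """(offset, length) pairs the routine encrypts; encrypt N, skip N, repeat."""
    if x == X_FULL or padded_size <= FULL_ENCRYPTION_LIMIT:
        return [(0, padded_size)]
    n = block_size_n(x, padded_size)
    if n == 0:
        raise ValueError("block size collapsed to zero")
    ranges, offset = [], 0
    while offset < padded_size:
        ranges.append((offset, min(n, padded_size - offset)))
        offset += 2 * n
    return ranges


def build_sample_file(plaintext_len, x):
    """Construct a synthetic file with the Table 2 layout (test data only).
    The body is a stand-in for ciphertext and the RSA blob is all zeros."""
    padded = round_up_16(plaintext_len)
    body = b"A" * plaintext_len + b"\x00" * (padded - plaintext_len)
    rsa_blob = b"\x00" * RSA_BLOB_SIZE
    # Assumption: both 8-byte fields are little-endian unsigned integers.
    trailer = rsa_blob + struct.pack("<Q", padded) + struct.pack("<Q", x)
    return body + trailer


def parse_trailer(data):
    """Read the trailer and derive which ranges of the file were encrypted."""
    if len(data) < TRAILER_SIZE:
        raise ValueError("file shorter than the 0x210-byte trailer")
    rsa_blob = data[-TRAILER_SIZE:-16]
    encrypted_size, x = struct.unpack("<QQ", data[-16:])
    # The size field doubles as the offset of the RSA blob, so it must line up
    # with the actual file length and be 16-byte aligned.
    if encrypted_size + TRAILER_SIZE != len(data):
        raise ValueError("trailer size field does not match file length")
    if encrypted_size % 16:
        raise ValueError("encrypted size is not a multiple of 16")
    partial = x != X_FULL and encrypted_size > FULL_ENCRYPTION_LIMIT
    return {
        "encrypted_size": encrypted_size,
        "x": x,
        "mode": "partial" if partial else "full",
        "rsa_blob": rsa_blob,
        "ranges": encrypted_ranges(x, encrypted_size),
    }


if __name__ == "__main__":
    info = parse_trailer(build_sample_file(6_000_000, X_PARTIAL))
    covered = sum(length for _, length in info["ranges"])
    print(info["mode"], len(info["ranges"]), "blocks,", covered, "bytes encrypted")
```

With X = 0x32 and a 6,000,000-byte file the block size works out to 300,000 bytes, so ten 300,000-byte blocks (half the file) are encrypted and the other half is left intact, which is the trade-off the intermittent scheme makes between speed and coverage.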

The ransomware then renames the encrypted files by appending them with the
“.royal” extension, as demonstrated in Figures 14 and 15.

Figure 14. Royal ransomware appending “.royal” to encrypted files
Figure 15. Encrypted files appended with the “.royal” extension

For each directory it traverses, Royal ransomware drops a text file named
“README.TXT” that contains the ransom note (Figure 16), as well as an
advertisement for its “pentesting services” that the ransomware actors will
allegedly provide once the ransom has been paid (Figure 17).

Figure 16. Creation of the “README.TXT” file
Figure 17. Contents of "README.TXT" with the sample ID we used appended on the
TOR link.


SECURITY RECOMMENDATIONS

Our investigation into Royal ransomware attacks shows how the group employs a
mixture of both old and new techniques, which indicates that it is no newcomer
to the ransomware scene. Their use of callback phishing to lure victims into
installing remote desktop malware allows them to infiltrate the victim’s machine
with relative ease. Their intermittent encryption tactics also hasten their
encryption of a victim’s files, with the added benefit of evading detection
measures that focus on looking for heavy file IO operations. Despite their
“late” entry to the scene in September, the group already has ransomed multiple
companies, and we expect them to be more active in the upcoming months. More
details on Royal ransomware’s other capabilities can be found in Trend Micro’s
Threat Encyclopedia.

We highly advise users and organizations to update their systems with the latest
patches and apply multi-layered defense mechanisms. The emergence and success of
the Royal ransomware gang underscore how ransomware actors are finding more
innovative ways of repurposing existing tools and tactics as a means of
augmenting their attacks. End users and enterprises alike can mitigate the risk
of infection from new threats like Royal ransomware by following these security
best practices:

 * Enable multifactor authentication (MFA) to prevent attackers from performing
   lateral movement inside a network.
 * Adhere to the 3-2-1 rule when backing up important files. This involves
   creating three backup copies on two different file formats, with one of the
   copies stored in a separate location. 
 * Patch and update systems regularly. It’s important to keep operating systems
   and applications up to date and maintain patch management protocols that can
   deter malicious actors from exploiting any software vulnerabilities.

Companies can also benefit from the use of multilayered detection and response
solutions such as Trend Micro Vision One™, which provides powerful XDR
capabilities that collect and automatically correlate data across multiple
security layers — email, endpoints, servers, cloud workloads, and networks — to
prevent attacks via automated protection, while also ensuring that no
significant incidents go unnoticed. Trend Micro Apex One™ also provides
next-level automated threat detection and response to protect endpoints against
advanced issues, like human-operated ransomware. 


INDICATORS OF COMPROMISE (IOCS)

SHA-256 Detection Description
c0063d24f3de4e7b89abf9b690a3d264efc6ab7a626f73ad9f42d6bffe52bce7
Trojan.Win64.COBALT.BE CobaltStrike
fef79160f0ce9aa9dec15c914f2c2b40b2ae1ec2b0e65e414545dbc994afd73d
Trojan.Win64.COBALT.BE CobaltStrike
3434271f2038afaddad4caad8000e390b3573b2b53e02841653a4ee0dfd73674
Trojan.Win64.COBALT.BE CobaltStrike
0ac0b3758359855e96367b6c83b0aabdc6cfb59b4caa1cec48632defd21cdf3c
Trojan.Win64.COBALT.BE CobaltStrike
451cef0085dc5b474cc5c68af079d0367d7d2ec73ae2210788beb5297e1fbd6d
Trojan.Win64.COBALT.BE CobaltStrike
e710e902507ad63e1d2ce1220212b1a751b70504259457234103bb22845a9424
Trojan.Win32.QAKBOT.DRSV QakBot
2718dcbb503b6334078daf4af61e17a547fb80c9b811c26cfc9d32f5ce63a826
Trojan.Win32.QAKBOT.DRTE QakBot
abf937fb2f162d1dbbe76c7386c9892db5191e17de586f0a5c49819cd68b5e0f
Trojan.Win32.DEYMA.AM Compiled Remote Desktop Malware
bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4
PUA.Win64.ProcHack.AC Process Hacker
572d88c419c6ae75aeb784ceab327d040cb589903d6285bbffa77338111af14b
HackTool.Win32.NetScan.AG NetScan
094d1476331d6f693f1d546b53f1c1a42863e6cde014e2ed655f3cbe63e5ecde
HackTool.Win32.ToolPow.SM PowerTool
e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173
PUA.Win32.GMER.YABBI GMER
d1aa0ceb01cca76a88f9ee0c5817d24e7a15ad40768430373ae3009a619e2691
PUA.Win64.PCHunter.B PCHunter
bb48f5c915ab7bbbbbf092a20169aaf3ced46b492ed69550854a55254ce10572
Backdoor.Win32.SWRORT.YXCJ5Z Malware Component
e263b9d5467bf724000966da2acfe06520a464c566e4b3d9833213f850f3f1f2
HackTool.Win32.Adfind.THLOFBB AdFind
ac49c114ef137cc198786ad8daefa9cfcc01f0c0a827b0e2b927a7edd0fca8b0
HackTool.BAT.RDPEnable.A RDPEnable
2598e8adb87976abe48f0eba4bbb9a7cb69439e0c133b21aee3845dfccf3fb8f
Ransom.Win64.YORAL.SMYXCJCT Royal Ransomware Binary
cdd7814074872fc35d18740cdd4e8a5fefcfd6b457fde2920383fd5b11903fc5
Ransom_Royal.R06CC0DK222 Royal Ransomware Binary
a61b71ee73ea8c0f332591e361adeda04705c65b5f4d549066677ec4e71212f7
Ransom.Win32.YORAL.YXCKB Royal Ransomware Binary
56e8bd8b0c5bfb87956f7915bc47a9ecf5d338b804cee1dccacf53400d602be3
Ransom.Win32.YORAL.YECJYT Royal Ransomware Binary

 

Tags
Latest News | Ransomware | Web | Articles, News, Reports


AUTHORS

 * Ivan Nicole Chavez
   
   Threat Analyst

 * Byron Gelera
   
   Threats Analyst

 * Monte de Jesus
   
   Threats Analyst

 * Don Ovid Ladores
   
   Threats Analyst

 * Khristian Joseph Morales
   
   Threats Analyst

Copyright © 2022 Trend Micro Incorporated. All rights reserved.

 4. Content highlighting – users can choose to emphasize essential elements such
    as links and titles. They can also choose to highlight focused or hovered
    elements only.
 5. Audio muting – users with hearing devices may experience headaches or other
    issues due to automatic audio playing. This option lets users mute the
    entire website instantly.
 6. Cognitive disorders – we utilize a search engine linked to Wikipedia and
    Wiktionary, allowing people with cognitive disorders to decipher meanings of
    phrases, initials, slang, and others.
 7. Additional functions – we allow users to change cursor color and size, use a
    printing mode, enable a virtual keyboard, and many other functions.

Assistive technology and browser compatibility

We aim to support as many browsers and assistive technologies as possible, so
our users can choose the best fitting tools for them, with as few limitations as
possible. Therefore, we have worked very hard to be able to support all major
systems that comprise over 95% of the user market share, including Google
Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, JAWS, and NVDA
(screen readers), both for Windows and MAC users.

Notes, comments, and feedback

Despite our very best efforts to allow anybody to adjust the website to their
needs, there may still be pages or sections that are not fully accessible, are
in the process of becoming accessible, or are lacking an adequate technological
solution to make them accessible. Still, we are continually improving our
accessibility, adding, updating, improving its options and features, and
developing and adopting new technologies. All this is meant to reach the optimal
level of accessibility following technological advancements. If you wish to
contact the website’s owner, please use the website's form
