Royal

Malware updated 7 months ago (2024-03-17T00:16:24.121Z)
Download STIX
Preview STIX
Royal is a highly sophisticated malware operation known for its ransomware attacks on enterprise organizations. The group, which has ties to the infamous Conti cybercrime gang, came into prominence in Q4 2022, dominating the ransomware scene along with other notorious malwares such as LockBit and BlackCat. The Royal operators typically infiltrate their targets' networks by exploiting security vulnerabilities in publicly accessible devices or through callback phishing attacks. They encrypt the victims' systems and demand substantial ransoms, ranging from $250,000 to tens of millions per attack. Their first encryptor, Zeon, was reminiscent of those generated by Conti, but they switched to the Royal encryptor after undergoing a rebranding in mid-September 2022. The Royal malware operation has been associated with significant breaches across various critical infrastructure sectors including manufacturing, communications, healthcare, public healthcare, and education. In June, BleepingComputer reported that the Royal ransomware gang had been testing a new BlackSuit encryptor, which shares many similarities with the operation's usual encryptor. Despite expectations that the Royal ransomware operation would undergo another rebranding following the emergence of the BlackSuit ransomware operation in May, this did not occur. Royal continues to actively target enterprise organizations using BlackSuit in limited attacks. The efforts to combat Royal have involved international cooperation. A significant breakthrough occurred when a syndicate linked to Royal was apprehended in a joint operation by the Royal Malaysian Police, the Australian Federal Police, and the FBI. The syndicate had compromised websites of financial and educational institutions, as well as official government sites in Australia, and was also involved in selling stolen credentials. This seizure represented a major step forward in the fight against the harmful activities of the Royal malware operation.
Description last updated: 2024-03-17T00:16:24.079Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Royal Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago