THREAT ACTOR: Royal Ransomware gang

Royal is an operation that launched in January 2022 and consists of a group of vetted and experienced ransomware actors from previous operations. Royal does not operate as a Ransomware-as-a-Service but is instead a private group without affiliates.

Initially, they used encryptors from other gangs, such as BlackCat, but they quickly switched to using their own encryptors, the first being Zeon, which generated Conti-like ransom notes.

Starting in mid-September, the ransomware gang rebranded again as "Royal" and now uses a new encryptor that generates ransom notes with the same name. Unusually for a ransomware gang, the group also uses social engineering to trick corporate victims into installing remote access software following callback phishing attacks, in which the attackers impersonate software providers and food delivery services.


Incidents Associated with this Threat

  • December 1, 2022: Hackers Demand $60M Ransom from Intrado Telecommunications

Malware Used by this Threat Actor

No malware identified for this threat actor.
