Menu
Recently, a lesser-known ransomware operation named Royal has been observed ramping up its attacks against serval corporations with ransom demands ranging from $250,000 to over $2 million. The Royal ransomware operation was launched in January 2022 and is believed to be a private group without affiliates that consist of vetted and experienced ransomware actors from previous operations.
It was reported that at the start of their operation, they were observed utilizing other ransomware operations’ encryptors. Eventually, they were observed using their own encryptors which included Zeon. It is now believed that the Royal group utilizes targeted callback phishing attacks where they impersonate food delivery and software providers in emails pretending to be subscription renewals. Even though the group claims to steal data for double-extortion attacks, it does not appear that a data leak site has been launched under the Royal brand as of yet.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
