Ransomware
Royal
First seen: 2022-09 • Status: inactive
Currently Inactive
Royal was run by ex-Conti hackers. They changed their name to BlackSuit in 2023.
Overview
Royal was operated by former Conti members. The group rebranded to BlackSuit in mid-2023.
Also Known As
Royal Ransomware
How It Spreads
- • Callback phishing
- • SEO poisoning
- • Malvertising
What It Does
- • File encryption
- • Partial encryption for speed
- • Data theft
Is your business exposed?
Target Platforms
Windows, Linux, VMware ESXi
Detection Tips
- • Watch for Royal/BlackSuit indicators
- • Monitor for callback phishing
MITRE ATT&CK Techniques
T1486, T1567
If You're Infected
- 1.
Check for BlackSuit rebrand indicators
- 2.
Engage incident response
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required