November 13, 2023 at 03:43PM
The Royal ransomware gang has breached over 350 organizations worldwide since September 2022, demanding over $275 million in ransom. They conduct data exfiltration and extortion before encryption and will leak victim data if the ransom is not paid. The gang may be planning a rebranding initiative and a spinoff variant called BlackSuit. Royal has links to the Conti cybercrime gang and primarily targets enterprise systems, demanding ransoms ranging from $250,000 to tens of millions.
Key Takeaways from Meeting Notes:
1. The Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022, resulting in more than $275 million in ransom demands.
2. The FBI and CISA have released an updated advisory with additional information about Royal’s operations, including their data exfiltration and extortion tactics, as well as their use of phishing emails for initial access.
3. Royal may be planning a rebranding initiative and/or a spinoff variant called BlackSuit ransomware, whose encryptor exhibits coding characteristics similar to Royal’s. However, Royal is still actively using BlackSuit in limited attacks.
4. Royal has connections with the Conti cybercrime gang and has transitioned from using encryptors from other operations to deploying their own tools, such as the Royal encryptor and the upgraded version that can encrypt Linux devices.
5. Royal operators exploit security vulnerabilities in publicly accessible devices to infiltrate networks, but they also employ callback phishing attacks, where victims are tricked into installing remote access software.
6. The ransoms demanded by Royal range from $250,000 to tens of millions per attack.