
Reconstructing the last activities of Royal Ransomware

The Royal Ransomware group began its malicious activities in January, using other ransomware payloads. It started its malicious career as an affiliate of other Ransomware-as-a-Service providers. During the last two months, the group has started to apply the double extortion model, with an ad-hoc website on the dark web.

REFERENCE: iocs.temp

MALWARE FAMILY: Royal Ransomware

ATT&CK IDS: T1471 - Data Encrypted for Impact, T1605 - Command-Line Interface, T1083 - File and Directory Discovery
