Royal Ransomware group started its malicious activities since January, with other ransomware payloads. They started their malicious career as affiliated with other Ransomware-as-a-Service providers. During the last two months, they started to apply the Double Extorsion model, with an ad-hoc website in the Dark Web.
ADVERSARY: Royal Ransomware Group
MALWARE FAMILY: Royal Ransomware
ATT&CK IDS: T1471 - Data Encrypted for Impact, T1605 - Command-Line Interface, T1083 - File and Directory Discovery