Royal is a financially motivated cybercriminal ransomware organization that emerged in early 2022, initially operating under the name Zeon before rebranding to Royal in September 2022. Assessed with high confidence to be of Russian origin, the group is composed of experienced individuals, many believed to be former members of the Conti ransomware operation. Unlike many contemporary ransomware groups, Royal operates as a closed, private team rather than utilizing a Ransomware-as-a-Service (RaaS) model with affiliates, which contributes to its consistent tradecraft and tighter operational security. This structure also allowed the group to adapt quickly to new tactics. Royal is known for its aggressive targeting, high ransom demands, and its unique approach to encryption, employing partial encryption to evade detection and accelerate the process. The group ceased operations under the Royal name around June 2023, subsequently rebranding to BlackSuit.

URLs nuevas detectadas en IntelTracker