The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as June 2023.
Since approximately September 2022, cyber threat actors have compromised U.S. and international organizations with Royal ransomware. FBI and CISA believe this variant, which uses its own custommade file encryption program, evolved from earlier iterations that used “Zeon” as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.
Read more…
Source: U.S. Federal Bureau of Investigation