#StopRansomware: Royal Ransomware Update

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as June 2023. Since approximately Read More …

Clustering attacker behavior reveals hidden patterns

A collection of very specific behaviors, observed by Sophos X-Ops incident response analysts in the lead-up to four separate ransomware attacks in the first quarter of 2023, indicates an unexpected connection between the attacks. In the parlance of the Managed Read More …

Royal Ransomware expands attacks by targeting Linux ESXi servers

Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Trend Micro predicted in September 2022 that ransomware groups will would increasingly target Linux servers and embedded systems in the coming years after detecting a double-digit Read More …

HHS: Ransomware groups continue to target U.S. health sector

The Royal and Blackcat ransomware groups continue to aggressively target the U.S. health sector, according to a recent advisory from the Department of Health and Human Services. Just this week, the Washington Post described an apparent recent attack by Blackcat Read More …

Royal ransomware claims attack on Intrado telecom provider

The Royal Ransomware gang claimed responsibility for a cyber attack against telecommunications company Intrado on Tuesday. While Intrado is yet to share any information regarding this incident, sources have told BleepingComputer early this month that the attack started on December Read More …

US Health Dept warns of Royal Ransomware targeting healthcare

The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country’s healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HC3) —HHS’ security Read More …

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed Read More …