BleepingComputer reports that the Royal ransomware operation has been leveraging the newly emergent BlackSuit ransomware encryptor in limited attacks amid ongoing intrusions against enterprises.
Royal ransomware, which descended from the Conti ransomware group, was previously thought to be rebranding as BlackSuit, but its limited use of the encryptor suggests that it is only experimenting with a new encryptor, according to RedSense Partner and Head of R&D Yelisey Bohuslavskiy.
"They keep improving Emotet to try to revitalize it, and are working on IcedID a lot. Their experiments with new lockers are natural in this sense. I believe we may see more things like BlackSuit soon. But so far, it seems that both the new loader and the new BlackSuit locker were a failed experiment," Bohuslavskiy said.
Such statements follow a Trend Micro study revealing significant overlaps between the encryptors of Royal ransomware and BlackSuit, including similarities in code, intermittent encryption techniques, and command line arguments.