Ransomware, Threat Management

New Royal ransomware attacks leverage BlackSuit encryptor


BleepingComputer reports that the Royal ransomware operation has been leveraging the newly emergent BlackSuit ransomware encryptor in limited attacks amid ongoing intrusions against enterprises. While Royal ransomware, which descended from the Conti ransomware group, was previously thought to be rebranding as BlackSuit, its limited use of the encryptor suggests that it is only experimenting with a new encryptor, according to RedSense Partner and Head of R&D Yelisey Bohuslavskiy. "They keep improving Emotet to try to revitalize it, and are working on IcedID a lot. Their experiments with new lockers are natural in this sense. I believe we may see more things like Blacksuit soon. But so far, it seems that both the new loader and the new BlackSuit locker were a failed experiment," Bohuslavskiy said. The statements follow a Trend Micro study revealing significant overlaps between the encryptors of Royal ransomware and BlackSuit, including similarities in code, intermittent encryption techniques, and command line arguments.
