The Royal ransomware group’s rise up the cybercriminal pecking order continues with U.S. federal agencies revealing the gang has demanded more than $275 million from over 350 victims since September 2022.The new figures are included in a Nov. 13 update to a cybersecurity advisory profiling the gang. The advisory was initially published in March by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).In the updated advisory, the agencies said there are indications Royal may be preparing to rebrand or split into two threat groups, and noted its apparent links to another ransomware gang, BlackSuit.The Royal gang is believed to comprise mainly of former operatives of the Conti ransomware group, which shut down in the middle of last year.Royal’s attacks this year have included exfiltrating more than 1.1 TB of data from the City of Dallas, compromising information belonging to more than 30,000 individuals.“Royal conducts data exfiltration and extortion prior to encryption and then publishes victim data to a leak site if a ransom is not paid,” CISA and the FBI said, adding that one of the group's most successful vectors to gain initial access are phishing emails.According to a report by Coalition, Royal was one of the three most prolific ransomware groups in the first half of 2023, along with BlackCat and LockBit.
Ransomware
Royal ransomware gang’s demands top $275M from 350-plus victims in a year

Royal was one of the three most prolific ransomware groups in the first half of 2023, along with BlackCat and LockBit. (Adobe Stock)
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



