CISA and FBI Issue Warning that Royal Ransomware Gang Could Rebrand as ‘BlackSuit’

    The Royal ransomware gang, known for various cyberattacks, might be planning a rebrand, as the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) recently reported. Since September 2022, this gang has attacked over 350 victims globally, demanding ransoms totaling more than 275 million USD. They exfiltrate data and extort victims before encrypting files, threatening to publish data on a leak site if they don’t receive a ransom.

    Links have emerged between the Royal ransomware gang and the now-defunct Conti ransomware gang, which shut down after attacking the Costa Rican government. Additionally, BlackSuit ransomware has drawn attention since its emergence, notably for targeting organizations like ZooTampa. Both Royal and BlackSuit ransomware attackers use legitimate software and open-source tools, including Chisel, Cloudflared, and Secure Shell (SSH) Client, in their operations.

    Before attacking Dallas, the Royal gang had targeted hospitals, intensifying its focus on healthcare facilities. Ransom demands for these attacks range from $250,000 to $2 million. The gang also targets businesses and organizations across the U.S. and the United Kingdom.

    The Royal ransomware represents a sophisticated and financially motivated operation. The FBI and CISA have released an advisory to help identify potential Royal or BlackSuit ransomware attacks.
