![]() Upon examining the ransomware’s attacks, we learned that it combines old and new techniques, which supports the theory that actors behind it have an extensive knowledge of the ransomware scene. Its threat actors being an offshoot from Conti may be the reason for its quick claim to fame as soon as it made headlines in the ransomware landscape. According to data from ransomware groups’ leak sites, 10.7% were attributed to Royal, with only LockBit and BlackCat ahead of it, accounting for 22.3% and 11.7% respectively. ![]() Deep roots, strong startĭespite being detected only in September 2022, Royal ransomware was among the three most prolific ransomware groups in the fourth quarter last year. ![]() Royal ransomware was first observed in September 2022, and the threat actors behind it are believed to be seasoned cybercriminals who used to be part of Conti Team One. Royal’s Linux counterpart also targets ESXi servers, a target expansion which can create a big impact on victimized enterprise data centers and virtualized storage. Royal ransomware is following in the same path, a new variant targeting Linux systems emerged and we will provide a technical analysis on this variant in this blog. In May 2021 we reported ransomware variants of DarkSide and in May 2022 we found Cheerscrypt, specifically targeting the ESXi servers, which are widely used for server virtualization by enterprises. ![]() We predicted in September 2022 that ransomware groups will would increasingly target Linux servers and embedded systems in the coming years after detecting a double-digit year-on-year (YoY) increase in attacks on these systems in the first half of 2022. ![]() Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |