Credential Theft
- Mimikatz
- NirSoft Dialupass
- NirSoft IEPassView (iepv)
- NirSoft MailPassView
- NirSoft Netpass
- NirSoft RouterPassView
Royal Ransomware is a ransomware threat group/operator tracked in reporting under the names "royal_ransomware" and "royal_ransomware_group." The provided content describes it as an active ransomware actor observed using multiple initial access vectors, including phishing, RDP compromise, credential abuse, vulnerability exploitation, malicious downloaders, and malvertising via Google ads.
Profile source: Mallory opens in a new tabRoyal Ransomware
Royal Ransomware is a ransomware threat group/operator tracked in reporting under the names "royal_ransomware" and "royal_ransomware_group." The provided content describes it as an active ransomware actor observed using multiple initial access vectors, including phishing, RDP compromise, credential abuse, vulnerability exploitation, malicious downloaders, and malvertising via Google ads. Reporting in the content places the group as active in 2022, including alleged victim postings involving Mark-Taylor, an Arizona builder, and a full-service commodities broker. The content also states that BlackSuit was formed from members of the older Royal ransomware group, indicating Royal predates BlackSuit and that personnel overlap or evolution occurred between the two groups. No high-confidence information about the group's size or physical location is provided in the content.
Ransomware.live
MITRE ATT&CK
Reporting
BlackSuit had been active since mid-2023 and was formed from members of the old Royal ransomware group.
Royal ransomware operators have been observed gaining initial access via phishing attacks, RDP compromises, credential abuse, vulnerability exploitation, malicious downloaders, and malvertising on Google ads.
A new ransomware group war is brewing as Royal Ransomware backdated a post for Mark-Taylor, an Arizona builder dated December 13th that Hive Ransomware posted on December 14th.
Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.