The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of the capabilities of the recently emerged Royal ransomware.


On its debut appearance on the threat landscape in September 2022, the human-operated Royal ransomware requested ransom payments of up to millions of dollars. Royal, in contrast to other ransomware operations, doesn’t provide ransomware-as-a-service and seems to be a private organisation without an affiliate network.

The C++-written Royal ransomware infected Windows systems and deleted all Volume Shadow Copies to make data recovery impossible. The local network shares and local drives that are affected by the ransomware are encrypted using the AES technique.

Read More…