Statements (48)
Predicate | Object |
---|---|
gptkbp:instanceOf | cybercrime |
gptkbp:affects | hospitals, schools, businesses, municipal governments, critical infrastructure |
gptkbp:alsoKnownAs | Royal ransomware gang |
gptkbp:area | gptkb:Australia, gptkb:Europe, gptkb:United_States |
gptkbp:connectsTo | Conti ransomware group (alleged) |
gptkbp:dataLeakedOn | Royal ransomware leak site |
gptkbp:demandsRansom | millions of dollars |
gptkbp:demandsRansomIn | gptkb:cryptocurrency |
gptkbp:firstObserved | 2022 |
https://www.w3.org/2000/01/rdf-schema#label | Royal ransomware group |
gptkbp:language | English |
gptkbp:notableBattle | attack on Dallas city government, attack on healthcare organizations in the US |
gptkbp:operatesIn | cybercrime |
gptkbp:profile | gptkb:CISA, gptkb:US_Department_of_Health_and_Human_Services, gptkb:FBI |
gptkbp:specializesIn | ransomware attacks |
gptkbp:status | active (as of 2024) |
gptkbp:target | gptkb:government, healthcare sector |
gptkbp:technique | double extortion |
gptkbp:threats | high |
gptkbp:uses | gptkb:PsExec, gptkb:Cobalt_Strike, data exfiltration, custom ransom notes, encryption of files, custom ransomware payloads, living-off-the-land binaries (LOLBins), Tor network for communication, legitimate software for lateral movement, onion sites for payment, remote monitoring and management (RMM) tools, threats to publish stolen data |
gptkbp:usesInitialAccess | phishing emails, malicious links, exploiting vulnerabilities, remote desktop protocol (RDP) compromise |
gptkbp:usesMalware | Royal ransomware |
gptkbp:bfsParent | gptkb:TrickBot_group |
gptkbp:bfsLayer | 7 |