Royal ransomware group

GPTKB entity

Statements (48)
Predicate                                      Object
gptkbp:instanceOf                              cybercrime
gptkbp:affects                                 hospitals
gptkbp:affects                                 schools
gptkbp:affects                                 businesses
gptkbp:affects                                 municipal governments
gptkbp:affects                                 critical infrastructure
gptkbp:alsoKnownAs                             Royal ransomware gang
gptkbp:area                                    gptkb:Australia
gptkbp:area                                    gptkb:Europe
gptkbp:area                                    gptkb:United_States
gptkbp:connectsTo                              Conti ransomware group (alleged)
gptkbp:dataLeakedOn                            Royal ransomware leak site
gptkbp:demandsRansom                           millions of dollars
gptkbp:demandsRansomIn                         gptkb:cryptocurrency
gptkbp:firstObserved                           2022
https://www.w3.org/2000/01/rdf-schema#label    Royal ransomware group
gptkbp:language                                English
gptkbp:notableBattle                           attack on Dallas city government
gptkbp:notableBattle                           attack on healthcare organizations in the US
gptkbp:operatesIn                              cybercrime
gptkbp:profile                                 gptkb:CISA
gptkbp:profile                                 gptkb:US_Department_of_Health_and_Human_Services
gptkbp:profile                                 gptkb:FBI
gptkbp:specializesIn                           ransomware attacks
gptkbp:status                                  active (as of 2024)
gptkbp:target                                  gptkb:government
gptkbp:target                                  healthcare sector
gptkbp:technique                               double extortion
gptkbp:threats                                 high
gptkbp:uses                                    gptkb:PsExec
gptkbp:uses                                    gptkb:Cobalt_Strike
gptkbp:uses                                    data exfiltration
gptkbp:uses                                    custom ransom notes
gptkbp:uses                                    encryption of files
gptkbp:uses                                    custom ransomware payloads
gptkbp:uses                                    living-off-the-land binaries (LOLBins)
gptkbp:uses                                    Tor network for communication
gptkbp:uses                                    legitimate software for lateral movement
gptkbp:uses                                    onion sites for payment
gptkbp:uses                                    remote monitoring and management (RMM) tools
gptkbp:uses                                    threats to publish stolen data
gptkbp:usesInitialAccess                       phishing emails
gptkbp:usesInitialAccess                       malicious links
gptkbp:usesInitialAccess                       exploiting vulnerabilities
gptkbp:usesInitialAccess                       remote desktop protocol (RDP) compromise
gptkbp:usesMalware                             Royal ransomware
gptkbp:bfsParent                               gptkb:TrickBot_group
gptkbp:bfsLayer                                7