Statements (49)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:cybercrime |
| gptkbp:affects | hospitals; schools; businesses; municipal governments; critical infrastructure |
| gptkbp:alsoKnownAs | Royal ransomware gang |
| gptkbp:area | gptkb:Australia; gptkb:Europe; gptkb:United_States |
| gptkbp:connectsTo | Conti ransomware group (alleged) |
| gptkbp:dataLeakedOn | Royal ransomware leak site |
| gptkbp:demandsRansom | millions of dollars |
| gptkbp:demandsRansomIn | gptkb:cryptocurrency |
| gptkbp:firstObserved | 2022 |
| gptkbp:language | English |
| gptkbp:notableBattle | attack on Dallas city government; attack on healthcare organizations in the US |
| gptkbp:operatesIn | gptkb:cybercrime |
| gptkbp:profile | gptkb:CISA; gptkb:US_Department_of_Health_and_Human_Services; gptkb:FBI |
| gptkbp:specializesIn | ransomware attacks |
| gptkbp:status | active (as of 2024) |
| gptkbp:target | gptkb:government; healthcare sector |
| gptkbp:technique | double extortion |
| gptkbp:threats | high |
| gptkbp:uses | gptkb:PsExec; gptkb:Cobalt_Strike; data exfiltration; custom ransom notes; encryption of files; custom ransomware payloads; living-off-the-land binaries (LOLBins); Tor network for communication; legitimate software for lateral movement; onion sites for payment; remote monitoring and management (RMM) tools; threats to publish stolen data |
| gptkbp:usesInitialAccess | phishing emails; malicious links; exploiting vulnerabilities; remote desktop protocol (RDP) compromise |
| gptkbp:usesMalware | Royal ransomware |
| gptkbp:bfsParent | gptkb:Royal_APT; gptkb:TrickBot_group |
| gptkbp:bfsLayer | 8 |
| https://www.w3.org/2000/01/rdf-schema#label | Royal ransomware group |