Royal is the new ransomware threat actor that do it dirty work silently. Royal ransomware operators sends it victims phishing emails related to expired subscriptions or un-delivered parcels with their contact numbers, forcing victims to call them, increasing trust level. Once the victim calls them they convince them to install a remote access software that provide a pivot to rest of their corporate network. After encrypting files they ask user to pay a ransom up to 2 million UDS. All encrypted files are appended with .royal
extension, hence the name.
is the predecessor of Royal Ransomware.
Royal Ransomware Signatures
Royal Ransomware Download