Security News > 2023 > November > Ransomware royale: US confirms Royal, BlackSuit are linked
The US' Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand.
The security industry has highlighted a suspected link between Royal and BlackSuit for months and the latest update to the security agencies' advisory confirms code overlaps and similarities in intrusion techniques.
CISA and the FBI believe the similarities between the two ransomware families indicate either a potential rebrand of Royal altogether or at least a spinoff variant.
Trend Micro's May report on the similarities between the two predicted that BlackSuit was either a new variant developed by Royal itself, a copycat strain, or an affiliate of Royal's RaaS program that had made its own changes to the kit.
Microsoft's incident response data pegged Royal as one of the most prolific ransomware groups in operation over the past year.
The advisory from CISA and the FBI includes more details on the full range of IOCs and mitigation guidance for both Royal and BlackSuit ransomware families.
News URL
Related news
- US charges operators of cryptomixers linked to ransomware gangs (source)
- All your 8Base are belong to us: Ransomware crew busted in global sting (source)
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware (source)