Ransomware royale: US confirms Royal, BlackSuit are linked (Security News, November 2023)
The US Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand.
The security industry has highlighted a suspected link between Royal and BlackSuit for months, and the latest update to the security agencies' advisory confirms code overlaps and similarities in intrusion techniques.
CISA and the FBI believe the similarities between the two ransomware families indicate either a potential rebrand of Royal altogether or at least a spinoff variant.
Trend Micro's May report on the similarities between the two predicted that BlackSuit was either a new variant developed by Royal itself, a copycat strain, or an affiliate of Royal's RaaS program that had made its own changes to the kit.
Microsoft's incident response data pegged Royal as one of the most prolific ransomware groups in operation over the past year.
The advisory from CISA and the FBI includes more details on the full range of IOCs and mitigation guidance for both the Royal and BlackSuit ransomware families.