Security News > 2023 > November > Ransomware royale: US confirms Royal, BlackSuit are linked
The US' Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency have released fresh guidance on the Royal ransomware operation, saying that evidence suggests it may soon undergo a long-speculated rebrand.
The security industry has highlighted a suspected link between Royal and BlackSuit for months and the latest update to the security agencies' advisory confirms code overlaps and similarities in intrusion techniques.
CISA and the FBI believe the similarities between the two ransomware families indicate either a potential rebrand of Royal altogether or at least a spinoff variant.
Trend Micro's May report on the similarities between the two predicted that BlackSuit was either a new variant developed by Royal itself, a copycat strain, or an affiliate of Royal's RaaS program that had made its own changes to the kit.
Microsoft's incident response data pegged Royal as one of the most prolific ransomware groups in operation over the past year.
The advisory from CISA and the FBI includes more details on the full range of IOCs and mitigation guidance for both Royal and BlackSuit ransomware families.
News URL
Related news
- Ransom Cartel, Reveton ransomware owner arrested, charged in US (source)
- US accuses man of being 'elite' ransomware pioneer they've hunted for years (source)
- Alleged Karakut ransomware scumbag charged in US (source)
- US Marshals Service disputes ransomware gang's breach claims (source)
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- US sanctions crypto exchanges used by Russian ransomware gangs (source)