Summary

Royal ransomware began to emerge in early 2022, is still active, and is currently impacting organizations across the globe, including the South East Asia region. It is said to have developed from earlier versions of Zeon ransomware. It also has similarities with BlackCat ransomware, and it thrives on its unique approach to evading anti-ransomware defenses: partial encryption. The ransomware can encrypt a pre-determined portion of a file's content, basing that portion on a flexible encryption percentage, which makes it difficult for anti-ransomware solutions to detect.
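To illustrate why a flexible encrypted percentage is hard to catch, the following added example (not taken from the advisory) compares a whole-file entropy score with a per-block scan on a constructed file. The block size, threshold, function names and sample layout (the leading 10% of blocks replaced with pseudo-random bytes) are assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096      # bytes per inspected block (assumed value)
THRESHOLD = 7.5   # bits/byte treated as "looks encrypted" (assumed value)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_blocks(data: bytes, block=BLOCK, threshold=THRESHOLD):
    """Indices of fixed-size blocks whose own entropy exceeds the threshold."""
    return [i // block for i in range(0, len(data), block)
            if shannon_entropy(data[i:i + block]) > threshold]

def constructed_sample(total_blocks=100, percent=10) -> bytes:
    """Constructed test file: log text with the first `percent`% of blocks
    replaced by SHA-256 counter output, standing in for ciphertext."""
    line = b"2024-01-01 12:00:00 INFO service heartbeat ok\n"
    text_block = (line * (BLOCK // len(line) + 1))[:BLOCK]
    n_enc = total_blocks * percent // 100
    noise = b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                     for i in range(n_enc * BLOCK // 32))
    return noise + text_block * (total_blocks - n_enc)

def report(data: bytes) -> dict:
    """Whole-file score next to the per-block view of the same bytes."""
    flagged = high_entropy_blocks(data)
    total = math.ceil(len(data) / BLOCK)
    return {"whole_file_entropy": round(shannon_entropy(data), 2),
            "flagged_blocks": len(flagged),
            "flagged_fraction": len(flagged) / total if total else 0.0}

if __name__ == "__main__":
    print(report(constructed_sample()))
```

Compressed and already-encrypted file types also produce high-entropy blocks, so a per-block result like this is a signal to correlate with file type and recent write activity rather than a verdict on its own.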

Royal ransomware has various methods of deployment, making it very versatile in gaining a foothold in the victim’s environment. To conclude, organizations need to be extra aware of this ransomware because of its ability to avoid anti-ransomware tools, its ability to quickly decrypt the endpoints, and its ability to enter the victim’s network through various methods. These three traits make it a very deadly ransomware that deserves extra attention.

Our advisory provides an in-depth analysis of technical details, detection methods, IOCs, Royal Ransomware’s hashes and its associated files. In this advisory document, learn how to mitigate risks, defend your organisation, stay vigilant, and protect yourself in this evolving cyber threat landscape.
