Royal Ransomware.

A high-impact ransomware family that emerged from former Conti members in early 2022, hit hundreds of U.S. critical-infrastructure victims, and rebranded to BlackSuit in mid-2023 after the City of Dallas attack. 它属于网络安全的 恶意软件 分类。

A high-impact ransomware family that emerged from former Conti members in early 2022, hit hundreds of U.S. critical-infrastructure victims, and rebranded to BlackSuit in mid-2023 after the City of Dallas attack.

Royal Ransomware appeared in early 2022 and quickly became one of the highest-impact private (non-affiliate-driven) ransomware operations of 2022–2023, attributed to former members of the Conti syndicate. It used a custom C++ encryptor with intermittent encryption (encrypting only a configurable percentage of each file for speed) and AES + RSA, leaving the `.royal` extension and a `README.TXT` note. The actor was reported to have hit over 350 victims globally, with U.S. CISA/FBI advisories highlighting its targeting of healthcare, education, manufacturing, and government — including the May 2023 attack on the City of Dallas, Texas, which disrupted public-safety services for weeks. Following intense law-enforcement attention, the operation rebranded in mid-2023 as 'BlackSuit', retaining the same encryptor lineage and TTPs (Cobalt Strike, BloodHound, ESXi-targeting Linux variant, double extortion via a leak site, initial access via callback-phishing and stolen credentials). U.S. CISA's #StopRansomware advisory in late 2023 published joint Royal/BlackSuit IOCs and TTPs.

针对 Royal Ransomware 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: Royal, BlackSuit。