Royal is the new ransomware threat actor that do it dirty work silently. Royal ransomware operators sends it victims phishing emails related to expired subscriptions or un-delivered parcels with their contact numbers, forcing victims to call them, increasing trust level. Once the victim calls them they convince them to install a remote access software that provide a pivot to rest of their corporate network. After encrypting files they ask user to pay a ransom up to 2 million UDS. All encrypted files are appended with
.royal extension, hence the name.
Zeon Ransomware is the predecessor of Royal Ransomware.
Royal Ransomware Signatures
Family: Trojan-Ransom.Royal
MD5: afd5d656a42a746e95926ef07933f054
SHA256: 9db958bc5b4a21340ceeeb8c36873aa6bd02a460e688de56ccbba945384b1926
Royal Ransomware Download
