S1073Windows

S1073Royal

Platforms
1
ATT&CK
14.1
References
6

Description

[Royal](https://attack.mitre.org/software/S1073) is ransomware that first appeared in early 2022; a version that also targets ESXi servers was later observed in February 2023. [Royal](https://attack.mitre.org/software/S1073) employs partial encryption and multiple threads to evade detection and speed encryption. [Royal](https://attack.mitre.org/software/S1073) has been used in attacks against multiple industries worldwide--including critical infrastructure. Security researchers have identified similarities in the encryption routines and TTPs used in [Royal](https://attack.mitre.org/software/S1073) and [Conti](https://attack.mitre.org/software/S0575) attacks and noted a possible connection between their operators.(Citation: Microsoft Royal ransomware November 2022)(Citation: Cybereason Royal December 2022)(Citation: Kroll Royal Deep Dive February 2023)(Citation: Trend Micro Royal Linux ESXi February 2023)(Citation: CISA Royal AA23-061A March 2023)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S1073
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
  3. https://www.cybereason.com/blog/royal-ransomware-analysis
  4. https://www.kroll.com/en/insights/publications/cyber/royal-ransomware-deep-dive
  5. https://www.trendmicro.com/en_us/research/23/b/royal-ransomware-expands-attacks-by-targeting-linux-esxi-servers.html
  6. https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
Prestige
Software
BlackCat
Software
Black Basta
Software
AvosLocker
Software
DCSrv
Software
Bumblebee
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.