March 2, 2023

Royal Ransomware Targeting All Industries

What we know so far

This joint cybersecurity advisory by the FBI and CISA aims to share information about the Royal ransomware, including indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI threat response activities as of January 2023. Since September 2022, cyber criminals have been using a variant of the Royal ransomware to target critical infrastructure sectors, including Manufacturing, Communications, Healthcare and Public Health (HPH), and Education in the U.S. and internationally. This variant evolved from an earlier version known as "Zeon." After gaining access to victims' networks, the Royal actors disable antivirus software, exfiltrate data, and then deploy the ransomware to encrypt systems.

