Royal ransomware gang quickly expands reign
The Royal ransomware group has become increasingly active this year, targeting critical infrastructure organizations with a wide variety of tools. According to Palo Alto Networks’ Unit 42, the group has impacted 157 organizations since its inception last year, with most victims being in the US. Royal has hit a variety of industries, including manufacturing, wholesale and retail, healthcare, local government entities, and education. The group has been known to demand ransoms of up to $25 million in bitcoin and uses its leak site to publicly extort victims into paying up. Researchers believe that most members of Royal are former operatives of the Conti ransomware group and have years of experience carrying out attacks. The group has been observed using multiple initial access vectors to secure access into vulnerable systems. Malware: Royal CVEs: CVE-2023-0669 [View Article](https://www.scmagazine.com/news/ransomware/royal-ransomware-expands-reign)