We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

350 Victims of Royal Ransomware Asked to Pay $275 Million

350 Victims of Royal Ransomware Asked to Pay $275 Million
Author Image Husain Parvez
Husain Parvez Published on 20th November 2023 Cybersecurity Researcher

The Royal ransomware gang has targeted more than 350 organizations worldwide, demanding ransoms that collectively exceed $275 million. This information comes from a joint advisory by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), highlighting the extensive reach and sophisticated tactics of the cybercriminal group.

Since September 2022, Royal ransomware has been used to compromise organizations across the globe, with phishing emails being identified as one of the most successful methods of initial access. The FBI and CISA noted that the group conducts data exfiltration before encrypting the victim’s systems, and publishes the stolen data on a leak site if the ransom is not paid.

The Royal ransomware group is believed to mainly comprise former operatives of the Conti ransomware group, and has been particularly active in the past year. The group's attacks have included significant data breaches, such as the exfiltration of over 1.1 TB of data from the City of Dallas, which compromised information belonging to more than 30,000 individuals.

The FBI and CISA have also warned that there are indications Royal may be preparing to rebrand or split into two threat groups, with apparent links to another ransomware gang, BlackSuit.

The cybersecurity advisory was updated in November 2023, offering refreshed indicators of compromise (IOCs) and up-to-date tactics, techniques, and procedures (TTPs). This update includes IOCs generated by FBI investigations earlier this year, showing a crossover between Royal and the Blacksuit ransomware group. The advisory states, "Royal and Blacksuit threat actors have been observed using legitimate software and open-source tools during ransomware operations."

As reported before, the Royal ransomware group's modus operandi involves encrypting their targets' enterprise systems and demanding substantial ransoms, ranging from approximately $1 million to $11 million in Bitcoin. In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note. Instead, the note requires victims to interact directly with the threat actor via a.onion URL.

The situation highlights the significant threat posed by ransomware gangs to organizations globally. The FBI and CISA have issued detailed advisories to help organizations detect and prevent ransomware attacks, emphasizing the importance of robust cybersecurity measures and international cooperation in combating cybercrime.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.