The agencies didn't specify a reason for the rebrand or spinoff variant, but rebranding in the ransomware industry is fairly common.
Just this week security researchers have already linked Ransomed.vc, which claimed to have shut shop for good less than a week ago, to a new group called RansomCorp.
CISA and the FBI believe the similarities between the two ransomware families indicate either a potential rebrand of Royal altogether or at least a spinoff variant. "Royal and Blacksuit threat actors have been observed using legitimate software and open source tools during ransomware operations," the advisory read.
[
add
]
[
|
|
...
]