Advisoryseverity: High2024-08-07
CISA/FBI update AA23-061A confirming Royal → BlackSuit rebrand
published by CISA
Actor
Russian-speaking ransomware-as-a-service operation operating under the Royal brand from September 2022 to June 2023, then rebranding as BlackSuit. Confirmed as a direct continuation by FBI/CISA in jo…
Summary
FBI and CISA updated joint advisory AA23-061A to notify defenders that Royal ransomware actors had rebranded as BlackSuit. The update added IOCs and TTPs from FBI investigations as recent as July 2024. The advisory tracks the lineage Royal (Sept 2022-June 2023) → BlackSuit (June 2023+) with ransom demands ranging $1M-$60M and $500M+ in cumulative demands.
Tags
rebrandransomwareadvisory-update