Special Bulletin
Joint Cybersecurity Advisory TLP Clear: #StopRansomware: BlackSuit (Royal) Ransomware
Summary
Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
Note: This advisory, originally published March 2, 2023, has been updated twice:
- November 13, 2023: The advisory was updated to share new Royal TTPs and IOCs.
- August 7, 2024: The advisory was updated to notify network defenders of the rebrand of “Royal” ransomware actors to “BlackSuit.” The update includes new TTPs, IOCs, and detection methods related to BlackSuit ransomware. “Royal” was updated to “BlackSuit” throughout unless referring to legacy Royal activity. Updates and new content are noted
View the detailed advisory below.
For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact: