RANSOMWARE OPERATION · 💰 FINANCIAL
royal
Limited data
Intelligence Profile
According to Trend Micro, Royal ransomware was first observed in September 2022, and the threat actors behind it are believed to be seasoned cybercriminals who used to be part of Conti Team One.
Threat Analysis
royal is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like royal prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning royal
ICO Cautions Healthcare Worker After Princess of Wales Incident
Infosecurity Magazine · Jun 18, 2026
Musician admits to $10M streaming royalty fraud using AI bots
BleepingComputer · Mar 20, 2026
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
The Hacker News · Mar 11, 2026
Quick Facts
Type: Ransomware Operation
Motivation: 💰 financial
DLS Infrastructure
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.