According to cybersecurity company Trend Micro, the highly active Royal ransomware is run by skilled threat actors who were formerly a part of Conti Team One.
Numerous cyberattacks between September and December used the Royal ransomware, and the US Department of Health and Human Services (HHS) issued a warning to healthcare organizations earlier this month about the dangers posed by this threat. Trend Micro claims that Royal is the rebranded version of the Zeon ransomware that first appeared this year and was linked in August to
Conti Team One, one of the organizations responsible for the distribution of the Conti ransomware. The cybercriminals also used AdFind to look for active directories and RClone to steal data from their victims.