Launched in January 2022, the Royal ransomware operation has targeted multiple private entities, demanding ransom payments between USD 250,000 and USD 2 million. Unlike other Ransomware-as-a-Service operations such as Hive, BlackCat, and LockBit, Royal does not operate an affiliate programme, going against the normal trend for new ransomware operations. Instead, Royal is a private group that consists of experienced ransomware actors that have migrated from other operations.

Download the report