Royal ransomware joins other ransomware groups targeting ESXi servers. The files are encrypted using the AES algorithm, with the key and IV being encrypted using the RSA public key that is hard-coded in the executable. The process can partially encrypt a file depending on its size and the value of the “-ep” parameter. The extension of the encrypted files is changed to “.royal_u”.
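The `.royal_u` extension gives responders a way to scope the damage. The following is an added example, not code from the original page: it groups a file listing by folder, reports which folders hold renamed files, and recovers the pre-rename names for matching against backups. The function names, status labels and sample paths are assumptions constructed for illustration.

```python
import os
import posixpath
from collections import defaultdict

ROYAL_EXT = ".royal_u"  # extension this page reports for encrypted files


def list_files(root):
    """Yield every file path under root (e.g. a mounted datastore copy)."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield posixpath.join(folder.replace(os.sep, "/"), name)


def scope_impact(paths):
    """Group files by parent folder and split them into renamed and intact.

    Keys on the extension only: the page notes encryption can be partial,
    so checks on file content may give misleading results.
    """
    folders = defaultdict(lambda: {"encrypted": [], "intact": []})
    for path in paths:
        folder, name = posixpath.split(path)
        if name.lower().endswith(ROYAL_EXT):
            # Record the pre-rename name so it can be matched to backups.
            folders[folder]["encrypted"].append(name[: -len(ROYAL_EXT)])
        else:
            folders[folder]["intact"].append(name)
    report = {}
    for folder, found in folders.items():
        if not found["encrypted"]:
            status = "clean"
        elif found["intact"]:
            status = "mixed"  # some files in this folder were not renamed
        else:
            status = "full"
        report[folder] = {"status": status,
                          **{k: sorted(v) for k, v in found.items()}}
    return report


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    "/vmfs/volumes/ds1/web01/web01.vmdk.royal_u",
    "/vmfs/volumes/ds1/web01/web01.vmx.royal_u",
    "/vmfs/volumes/ds1/db01/db01-flat.vmdk.royal_u",
    "/vmfs/volumes/ds1/db01/db01.vmx",
    "/vmfs/volumes/ds1/iso/installer.iso",
]
```

On a real system, pass `list_files(root)` for a mounted or copied datastore in place of `SAMPLE`.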