Royal / BlackSuit

Royal, later rebranded as BlackSuit, is a ransomware operation believed to be operated by experienced hackers from the defunct Conti gang following law enforcement disruption in 2022. The group emerged in November 2022 as Royal and quickly demonstrated the operational sophistication and resources of its predecessor, targeting enterprise organizations and government agencies with precision attacks. BlackSuit maintains the RaaS model with affiliate programs, aggressive marketing on dark web forums, and a published victim leak site to amplify extortion pressure. The operation has been linked to hundreds of millions in ransom demands and represents a continuation of Conti's criminal legacy with evolved tactics and rebranded infrastructure. Example: In 2023-2024, Royal/BlackSuit targeted multiple healthcare systems and Fortune 500 companies, including a major U.S. healthcare provider from which they demanded $15 million in cryptocurrency ransom. Why it matters for compliance: Royal/BlackSuit's emergence from Conti demonstrates ransomware gangs' resilience and highlights the need for persistent threat intelligence sharing among compliance and security teams. Organizations must maintain updated threat actor profiles and implement detection systems for evolved attack signatures.

Category: compliance

Explore the full Web3 Glossary — 2,062+ expert-curated definitions. Need guidance? Talk to our consultants.