Royal ransomware was the most active ransomware strain in November, knocking Lockbit ransomware from the top spot for the first time since September 2021, according to a recent report from the cybersecurity company NCC Group.

Royal ransomware, a strain that emerged in January of this year, is unique in that it operates without affiliates and is therefore distinct from the traditional ransomware-as-a-service model. The ransomware gang employs partial encryption and multi-threaded ransomware to accelerate the encryption process and evade detection. Royal ransomware is also distinct from other groups in their delivery method; they primarily rely on social engineering tactics, such as phishing attacks, to gain access.

Additionally, the report observed a 41 percent increase in ransomware attacks in November. Specifically, there were 265 ransomware incidents detected in November, making it the most active month for ransomware attacks since April. Royal accounted for 16 percent of all attacks, Cuba ransomware made up 15 percent of attacks, and Lockbit 3.0 accounted for 12 percent. Geographically, North America experienced 151 ransomware attacks (45 percent of all incidents) making it the most targeted region. Access the report at NCC Group or read more at SC Media.