R
Ransomwhere.org
Live MapLatest VictimsGroups
PaymentsTTPsIdentifyNewsDataAPI
LIVE
Ransomwhere.org

Real-time ransomware intelligence platform. Tracking threat actors, victims, and payments to raise awareness and help defend against ransomware attacks worldwide.

Platform

  • Live Map
  • Latest Victims
  • Groups
  • Payments
  • Identify
  • News

Resources

  • Data & Methodology
  • API Docs
  • NoMoreRansom
  • Ransomware.live
  • CISA Advisories

Data sourced from Ransomware.live API. For informational purposes only.

© 2026 Ransomwhere.org

Groups/royal

royal

Inactive

According to Trendmicro, Royal ransomware was first observed in September 2022, and the threat actors behind it are believed to be seasoned cybercriminals who used to be part of Conti Team One.

211
Victims
2
Sites

Known Leak Sites

royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onionChat
royal4ezp7xrbakkus3oofjw6gszrohpodmdnfbe5e4w3og5sm7vb3qd.onionDLS

Victims (211)

Live
Braintree Public Schools
royalUS
Tachi-S Engineering USA
royal
PENNCREST School District
royal
Groupe Sovitrat Interim and Recrutement
royalFR
BM Precision
royal
DirectViz Solutions
royal
The Best Connection
royalGB
Mitutoyo
royalCH
AFG Holdings
royal
Volt
royalUS
Colrich
royalZA
Haworth Tompkins
royal
Grange Packing Solutions
royal
Coos Bay
royalUS
Dotcom Distribution
royal
Westside
royal
TA Supply
royalUS
Trinity Exploration and Production
royal
Agostini Insurance Brokers
royalTT
Atlas Commodities
royal
Morris Hospital
royal
Utah-Yamas Controls
royal
City of Dallas
royal
NASHUA SCHOOL DISTRICT
royalUS
Parker Drilling
royal

Top Targeted Countries

Unknown150
United States23
Germany6
United Kingdom4
Canada4

Profile

:
:

Activity

Total victims211
Countries affected20
Last seen