Security researchers, Arctic Wolf Labs, have reported that victims of Royal and Akira ransomware are being targeted in follow-on extortion attacks.

In these follow-on attacks (starting in October 2023), two of which were documented by Arctic Wolf Labs, the threat actors falsely claimed they were trying to help victim organisations. They even claimed they would hack into the server infrastructure of the original ransomware groups involved to delete the stolen data.