alphv attacks The Royal Commission for Riyadh City (RCRC)

Incident Date:

July 11, 2022

World map



alphv attacks The Royal Commission for Riyadh City (RCRC)


The Royal Commission for Riyadh City (RCRC)




Al Safarat, Saudi Arabia

Riyadh, Saudi Arabia

First Reported

July 11, 2022

Ransomware Attack on The Royal Commission for Riyadh City (RCRC)

About the Victim

The Royal Commission for Riyadh City (RCRC) is a government entity tasked with the development and management of Riyadh, Saudi Arabia. It aims to enhance the quality of life for its residents and visitors through the provision of services and facilities, while also promoting economic growth and sustainable development.

Size and Significance

The RCRC plays a pivotal role in urban planning, infrastructure development, and public services within Riyadh. Its influence on the city's infrastructure and services is profound, marking it as a significant entity in its sector.


The RCRC, like many organizations worldwide, is susceptible to cyber threats, including ransomware attacks. The ALPHV group, also known as Blackcat, has emerged as a notorious ransomware-as-a-service (RaaS) variant, compromising over 1,000 entities and amassing nearly $300 million in ransom payments. This group's activities have included high-profile attacks, notably on MGM Resorts in 2023.

Potential vulnerabilities within the RCRC may encompass outdated software, weak password policies, and a lack of comprehensive cybersecurity training for employees. The absence of advanced network monitoring and endpoint protection could further exacerbate the risk of ransomware infiltration and damage.

Mitigation Strategies

To counter the threat of ransomware, organizations are advised to adopt several key strategies:

  • Lockdown of Endpoint Applications: Limiting the applications that can execute on endpoints can prevent the execution of unauthorized or malicious software.
  • Implementation of FIDO2-based MFA: Multi-factor authentication (MFA) grounded in FIDO standards can significantly bolster an organization's security by introducing an additional authentication layer.
  • Utilization of Network Monitoring: Advanced network monitoring can facilitate the early detection of unusual activities, potentially indicative of an ongoing ransomware attack.
  • Deployment of Email Scanning Tools: Sophisticated email scanning tools can intercept and neutralize malicious content before it reaches the end user, diminishing the success rate of social engineering attacks.
  • Endpoint Protection Measures: Comprehensive endpoint protection, including endpoint detection and response (EDR) solutions, is crucial for identifying and mitigating ransomware threats effectively.
  • Security Awareness Training: Regular training sessions focused on social engineering and phishing can enable employees to identify and prevent potential threats, enhancing the organization's overall security posture.


Due to the dynamic nature of cybersecurity threats and solutions, readers are encouraged to consult a variety of reputable sources to stay informed about the latest developments in the field. Some key resources include:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.