Royal continues to engage in ongoing attacks against enterprises, occasionally utilizing the BlackSuit variant in limited attacks. As per BleepingComputer, it is possible that Royal is simply testing a new encryptor, as they have been with other tools used by the group, including a new loader, IcedID, and a revitalizing of Emotet.

Source: Heimdal Security Blog