US Health Dept. warns about Royal Ransomware, which could be used to target healthcare

Today, the U.S. Department of Health and Human Services (HHS) issued an updated warning to healthcare providers about ongoing attacks by a relatively recent operation known as the Royal ransomware gang.

In a Wednesday analyst note, the Health Sector Cybersecurity Coordination Center (HC3), the HHS security team, disclosed that multiple ransomware groups have been responsible for attacks on U.S. healthcare organizations.

The advisory states that HC3 has been aware of threats to the Healthcare and Public Health (HPH) sector.

Because of past ransomware attacks on the healthcare community, Royal should be considered a threat to the HPH sector.

Based on previous successful attacks, this ransomware group targets U.S. hospitals.

Royal claimed that, after each healthcare breach, it also leaked data from the victims’ networks online.

Activity has seen a sharp increase since September

Royal ransomware is an independent operation that does not have affiliates. It’s made up of experienced threat actors who previously worked with other organizations.

Royal operators are since September 2022. This is months after they were first discovered in January 2022.

They initially used encryption from BlackCat gangs, but they soon switched to . The first was Zeon, which produced a Conti-like ransom note.

The ransomware gang changed its name to Royal in September and now uses the same encryption that generated ransom notes.

The ransomware gang also employs social engineering to fool corporate victims. They use in which the attackers pretend to be software vendors and delivery companies.

Royal will request ransom payments of between $250,000 and $2,000,000 after infecting their targets.

Royal also uses hacked Twitter accounts to tweet information about compromised targets. This lets journalists report on the attack, adding pressure on the victims.

The tweets are intended for journalists and owners of businesses. They contain a link that will allow them to access the leaked data that was allegedly taken from the victims’ networks prior to deploying the encryption.

Royal ransomware submissions (ID Ransomware)

Attack on healthcare

The federal government also warns about ransomware attacks that actively target healthcare institutions in the U.S.

HHS, for instance, warned last month about Venus ransomware affecting the nation’s healthcare. At least one person has been reported to have been affected by it.

Prior alerts had notified Healthcare and Public Health organizations about threat actors who deployed ransomware payloads.

CISA, FBI and HHS issued a joint advisory in October warning that Daixin Team cybercrime also targets during ongoing ransomware attack.

Professional Finance Company Inc. (PFC), a Colorado-based, full-service accounts receivable management company, disclosed, in a July data breach notification, the Quantum ransomware attacks that occurred in February. This led to an .

The attack may have had an even greater impact, however, as PFC assists thousands of U.S. government and healthcare organizations in ensuring that their customers pay their bills on time.