© 2023 CyberNews - Latest tech news,
product reviews, and analyses.


US Health Department warns healthcare industry of new Royal ransomware


The US Department of Health and Human Services (HHS) warned the healthcare community about human-operated Royal ransomware that has been used to attack the sector since 2022.

First observed in early 2022, Royal is used to extort its victims: after the initial infection, the group demands ransoms ranging from $250,000 to over $2 million.

According to HHS, Royal appears to be a private threat group with no known affiliations, motivated primarily by financial gain.

“The group does claim to steal data for double-extortion attacks, where they will also exfiltrate sensitive data,” the report adds.

The gang initially deployed BlackCat’s encryptor before moving to its own, Zeon, whose ransom note was identified as similar to Conti’s. It now uses a new encryptor that generates a ransom note bearing the gang’s name.

The malware can encrypt a file either fully or partially, depending on parameters such as the file’s size and the ‘-ep’ command-line parameter. After encryption, it changes the extension of affected files to “.royal”.
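Partial (intermittent) encryption matters for responders because a file carrying the .royal extension may still hold most of its original content. The routine below is an added example, not code from the HHS report or from Royal itself: it measures Shannon entropy over fixed-size windows and reports whether a file looks unencrypted, fully encrypted, or only partially encrypted, and what fraction of it was touched. The 4 KiB window, the 7.5 bits/byte threshold and the three sample files are constructed assumptions; random bytes stand in for ciphertext, and nothing here reproduces Royal’s actual cipher, file layout or the exact semantics of its ‘-ep’ parameter.

```python
import math
import random
from collections import Counter

# Assumed triage parameters (not taken from the HHS report): 4 KiB windows, and
# anything at or above 7.5 bits/byte is treated as ciphertext. Random or properly
# encrypted 4 KiB blocks measure about 7.95 bits/byte; text, office documents and
# most other plaintext formats fall well below the threshold.
CHUNK_SIZE = 4096
HIGH_ENTROPY = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy of each fixed-size window; intermittent encryption shows up as
    high-entropy windows interleaved with low-entropy ones."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]


def encrypted_fraction(data: bytes, chunk_size: int = CHUNK_SIZE,
                       threshold: float = HIGH_ENTROPY) -> float:
    """Fraction of windows whose entropy is at or above the ciphertext threshold."""
    ents = chunk_entropies(data, chunk_size)
    if not ents:
        return 0.0
    return sum(e >= threshold for e in ents) / len(ents)


def classify(data: bytes, chunk_size: int = CHUNK_SIZE,
             threshold: float = HIGH_ENTROPY) -> str:
    """Return 'empty', 'plaintext', 'partially-encrypted' or 'fully-encrypted'."""
    if not data:
        return "empty"
    frac = encrypted_fraction(data, chunk_size, threshold)
    if frac == 0.0:
        return "plaintext"
    if frac == 1.0:
        return "fully-encrypted"
    return "partially-encrypted"


# Constructed, deterministic sample files. Random bytes stand in for ciphertext;
# this does not imitate Royal's real encryption scheme.
_rng = random.Random(2022)


def _ciphertext_like(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))


_RECORD = b"Patient: J. Doe; MRN 000000; Visit: 2022-11-01; Dx: annual check-up\n"
_FILE_LEN = CHUNK_SIZE * 16

PLAINTEXT_FILE = (_RECORD * (_FILE_LEN // len(_RECORD) + 1))[:_FILE_LEN]
FULLY_ENCRYPTED_FILE = _ciphertext_like(_FILE_LEN)
# Every other 4 KiB window replaced with ciphertext: a 50% intermittent encryption.
PARTIALLY_ENCRYPTED_FILE = b"".join(
    _ciphertext_like(CHUNK_SIZE) if i % 2 == 0
    else PLAINTEXT_FILE[i * CHUNK_SIZE:(i + 1) * CHUNK_SIZE]
    for i in range(_FILE_LEN // CHUNK_SIZE)
)


if __name__ == "__main__":
    for name, blob in (("records.csv.royal (intact copy)", PLAINTEXT_FILE),
                       ("records.csv.royal (fully encrypted)", FULLY_ENCRYPTED_FILE),
                       ("records.csv.royal (partially encrypted)", PARTIALLY_ENCRYPTED_FILE)):
        print(f"{name}: {classify(blob)}, "
              f"{encrypted_fraction(blob):.0%} of windows look encrypted")
```

For real triage, read each .royal file in binary mode and pass its bytes to `classify`; a high `encrypted_fraction` on a small file and a low one on a large file is the pattern to expect when an encryptor scales partial encryption by file size, as the report describes.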

According to Microsoft, Royal has been delivered by a variety of threat actors, including the group it tracks as DEV-0569, which has been embedding malicious links in malvertising, phishing emails, fake forums, and blog comments.

“In addition, Microsoft researchers have identified changes in their delivery method to start using malvertising in Google ads, utilizing an organization’s contact form that can bypass email protections, and placing malicious installer files on legitimate looking software sites and repositories,” the report adds.

Royal operators have primarily targeted US healthcare organizations and typically claim to have published 100% of the data they stole.
