New warnings are being issued to U.S. healthcare organizations as a new group, the Royal ransomware gang, attacks them.
The Health Sector Cybersecurity Coordination Center (HC3) —HHS’ security team— has concluded that a single group has carried out ransomware attacks against US healthcare organizations. This new analyst note was published on Wednesday.
Since the discovery of H3C, the company has been aware of attacks against the Healthcare and Public Healthcare sector. Due to the reliance on digital records by the healthcare sector, Royal is a potential risk to the HPH sector.
This ransomware group focuses on U.S. healthcare organizations after past successful attacks.
Yesterday, the Royal Foundation claimed that following every healthcare data leak, they leaked all data allegedly stolen from victims’ networks online.
A Sharp Increase in Ransomware Activity Detected since September
The Royal Ransomware gang is a private operation with no affiliates or partnerships. The group was created by experienced threat actors who worked for other groups.
Since September 2022, Royal operators have been ramping up malicious activities. After being spotted in January 2022.
Initially, they used encryptors from other gangs like BlackCat before quickly switching to using their encryptors, such as Zeon. Unfortunately, this particular encryptor generated Conti ransomware notes.
The ransomware gang rebranded again in September and began using a new encryptor that generated ransom notes with the same name.
For ransomware gangs, it’s unusual to use social engineering as a tactic. Typically, they only rely on well-known malware. However, this ransomware gang uses