December 12, 2022 | Ravie Lakshmanan | Healthcare IT / Ransomware

The US Department of Health and Human Services (HHS) has warned of an ongoing Royal ransomware attack targeting healthcare facilities in the country.

“While most of the known ransomware operators have run ransomware-as-a-service, Royal appears to be a private group with no affiliations while maintaining financial motivation as a goal,” the agency's Health Sector Cybersecurity Coordination Center (HC3) said [PDF].

“The group claims to steal data for double extortion attacks, in which it also exfiltrates sensitive data.”


Royal ransomware, per Fortinet FortiGuard Labs, is said to have been active since at least the beginning of 2022. The malware is a 64-bit Windows executable written in C++ and is launched via the command line in the target environment.

In addition to deleting volume shadow copies on the system, Royal uses the OpenSSL encryption library to encrypt files with AES and appends a “.royal” extension to them.
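As an added example (not from the article or from HC3's note), a small detection routine run over constructed endpoint telemetry: it flags the two host behaviours the article names, shadow-copy deletion and bulk renames to the “.royal” extension, and ranks hosts showing both. The event format, the command-line patterns for shadow-copy deletion, and the rename threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample telemetry (not real data): process-creation and file-rename events.
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "host": "ws01", "cmd": "C:\\Windows\\System32\\cmd.exe /c dir"},
    {"type": "process", "host": "ws02", "cmd": "wmic shadowcopy delete"},
    {"type": "rename", "host": "ws01", "path": "C:\\Users\\a\\Documents\\q1.xlsx.royal"},
    {"type": "rename", "host": "ws01", "path": "C:\\Users\\a\\Documents\\notes.docx.royal"},
    {"type": "rename", "host": "ws01", "path": "C:\\Users\\a\\Desktop\\x.pdf.royal"},
    {"type": "rename", "host": "ws03", "path": "C:\\Users\\b\\report.docx"},
]

# Assumed: two common command lines that delete volume shadow copies; the article
# does not name which method Royal uses, so tune these to your own telemetry.
SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I
)
ROYAL_EXT = re.compile(r"\.royal$", re.I)


def shadow_copy_deletions(events):
    """Process events whose command line deletes volume shadow copies."""
    return [e for e in events if e["type"] == "process" and SHADOW_DELETE.search(e["cmd"])]


def royal_rename_hosts(events, threshold=3):
    """Hosts with at least `threshold` renames to the .royal extension."""
    counts = Counter(
        e["host"] for e in events if e["type"] == "rename" and ROYAL_EXT.search(e["path"])
    )
    return {host: n for host, n in counts.items() if n >= threshold}


def triage(events, threshold=3):
    """Hosts showing both behaviours are the highest-priority leads for response."""
    deleting = {e["host"] for e in shadow_copy_deletions(events)}
    renaming = royal_rename_hosts(events, threshold)
    return sorted(host for host in renaming if host in deleting)


if __name__ == "__main__":
    print("shadow copy deletions:", [e["host"] for e in shadow_copy_deletions(SAMPLE_EVENTS)])
    print("hosts with .royal renames:", royal_rename_hosts(SAMPLE_EVENTS))
    print("triage:", triage(SAMPLE_EVENTS))
```

A single shadow-copy deletion is worth alerting on by itself; the rename count is there so that one stray file does not page the on-call engineer.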

Last month, Microsoft revealed that the group it tracks under the name DEV-0569 has been observed deploying a ransomware family in a variety of ways.

This includes malicious links delivered to victims through malicious ads, fake forum pages, blog comments, or phishing emails, leading to malicious installer files for legitimate apps such as Microsoft Teams and Zoom.

These files are known to contain a malware downloader called BATLOADER, which abuses legitimate remote management tools such as Syncro to deploy Cobalt Strike and delivers payloads such as Gozi, Vidar, and BumbleBee ahead of the subsequent ransomware deployment.

The ransomware gang, which only emerged this year, is believed to be composed of experienced threat actors from other operations, demonstrating that the threat landscape is constantly evolving.

“Initially, the ransomware operation used BlackCat’s encryption tools, but eventually started using Zeon, which generated ransomware notes identified as similar to those of Conti,” said HHS. “This note was later changed to Royal in September 2022.”

The agency further noted that Royal ransomware attacks on the healthcare sector have focused primarily on US organizations, with payment demands ranging from $250,000 to $2 million.

Copyright ©️ All rights reserved. | Blue Training Academy Blog