Royal Ransomware Group targets US healthcare organizations for 2 million ransom

The US Department of Health and Human Services (HHS) announced that the country’s healthcare organizations are under direct targets after an active ransomware gang looking to breach them.

The Health Sector Cybersecurity Coordination Center (HC3) mentioned  that a new analysis found that Royal Ransomware Group has been launching several  attacks  on U.S. healthcare organizations.

“Due to the historical nature of ransomware victimizing the healthcare community, Royal should be considered a threat to the HPH sector” said the HC3.

Sudden surge of attacks from Royal Ransomware Group

Royal ransomware group is composed of talented and experienced threat actors that operates without any affiliation. The group has been lively since Sep 2022, after their first show in Jan 2022.

Royal ransomware group just doesn’t encrypt healthcare data, they usually leak the data for further attacks and sell it on the dark web. The Royal ransomware group have been found targeting healthcare organizations in the past and they are back now to exfiltrate the health data of US patients.

Modus Operandi of Royal Ransomware Gang

The threat actors used the encryptors from BlackCat initially, later switched to their own encryptors, the initial one being Zeon that produced Conti look alike ransom notes.

The ransomware gang also uses social engineering techniques to manipulate victims by installing remote access software followed by callback phishing attacks impersonating software vendors and delivery services. It’s found that the Royal ransomware group have been demanding $250,000 to $2 million after encrypting corporate data.

The gang uses another alternate technique to use hacked Twitter accounts and leak the stolen data sample to journalists for the news and coverage. With this anonymous PR activity they can put additional pressure on the victims.

US healthcare on the hackers spotlight recently

US healthcare organizations have been the sweet spot recently with Venus ransomware targeting the industry last month and by Royal ransomware gang this month. Earlier to these threats, the Maui and Zeppelin ransomware payloads were deployed targeted the nation’s healthcare network.

CISA, HHS and FBI also gave a join advisory in October against the Daixin Cybercrime Group targeting US healthcare sector with ransomware attacks. The group was involved in a data theft of 5 million Air Asia Passengers last month.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.