{"id":3334,"date":"2022-12-10T13:08:50","date_gmt":"2022-12-10T13:08:50","guid":{"rendered":"https:\/\/regtechafrica.com\/healthcare\/?p=3334"},"modified":"2022-12-10T13:08:50","modified_gmt":"2022-12-10T13:08:50","slug":"global-us-health-dept-warns-of-royal-ransomware-targeting-healthcare","status":"publish","type":"post","link":"https:\/\/regtechafrica.com\/healthcare\/global-us-health-dept-warns-of-royal-ransomware-targeting-healthcare\/","title":{"rendered":"Global: US Health Dept warns of Royal Ransomware targeting healthcare"},"content":{"rendered":"<div id=\"mainContainer\" class=\"__reading__mode__extracted__article__body\">\n<div>\n<div class=\"articleBody\">\n<p>The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country&#8217;s healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang.<\/p>\n<p>The Health Sector Cybersecurity Coordination Center (HC3) \u2014HHS&#8217; security team\u2014 revealed in a new analyst note published Wednesday that the ransomware group has been behind multiple attacks against U.S. healthcare orgs.<\/p>\n<p>&#8220;Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector,&#8221; the advisory\u00a0<a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/royal-ransomware-analyst-note.pdf\" rel=\"nofollow noopener\" target=\"_blank\">says<\/a>.<\/p>\n<p>&#8220;Due to the historical nature of ransomware victimizing the healthcare community, Royal should be considered a threat to the HPH sector.&#8221;<\/p>\n<p>This ransomware group is focused on targeting U.S. 
healthcare organizations based on past successful attacks.<\/p>\n<p>Until now, following each healthcare compromise, Royal has also claimed to have leaked online all the data allegedly stolen from the victims&#8217; networks.<\/p>\n<h3>Sharp increase in activity since September<\/h3>\n<p>The Royal Ransomware gang is a private operation without affiliates, made up of experienced threat actors who worked for other groups.<\/p>\n<p>Since September 2022, Royal operators have been\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-royal-ransomware-emerges-in-multi-million-dollar-attacks\/\" target=\"_blank\" rel=\"noopener\">quickly <\/a>ramping up malicious activities, months after being first spotted in January 2022.<\/p>\n<p>While they initially used encryptors from other gangs, like BlackCat, they quickly switched to using\u00a0<a href=\"https:\/\/twitter.com\/malwrhunterteam\/status\/1483105727287865345\" rel=\"nofollow noopener\" target=\"_blank\">their own encryptors<\/a>, the first being Zeon, which generated Conti-like ransom notes.<\/p>\n<p>Starting in mid-September, the ransomware gang rebranded again to &#8220;Royal&#8221; and now uses a new encryptor that generates ransom notes with the same name.<\/p>\n<p>Unusually for a ransomware gang, the group also uses social engineering to trick corporate victims into installing remote access software following\u00a0callback phishing attacks\u00a0where the attackers impersonate software providers and food delivery services.<\/p>\n<p>After infecting their targets and encrypting systems on their enterprise network, Royal will demand ransom payments ranging from $250,000 to $2 million.<\/p>\n<p>Another one of Royal&#8217;s uncommon tactics is using hacked Twitter accounts to tweet information on compromised targets to journalists to have the attack covered by news outlets and put additional pressure on their victims.<\/p>\n<p>These tweets are directed at journalists and the owners of companies and contain 
a link to the leaked data allegedly stolen from victims&#8217; networks before the encryptor was deployed.<\/p>\n<div>\n<figure class=\"image\"><img data-recalc-dims=\"1\" decoding=\"async\" class=\"c008\" src=\"https:\/\/i0.wp.com\/www.bleepstatic.com\/images\/news\/u\/1109292\/2022\/Royal%20ransomware%20ID%20Ransomware%20submissions.png?w=1170&#038;ssl=1\" alt=\"Royal ransomware ID Ransomware submissions\" \/><figcaption class=\"c007\"><em>Royal ransomware submissions (ID Ransomware)<\/em><\/figcaption><\/figure>\n<\/div>\n<h3>Healthcare under attack<\/h3>\n<p>The federal government has also warned about other ransomware operations known for actively targeting healthcare organizations across the U.S.<\/p>\n<p>For instance, last month, HHS warned of Venus ransomware impacting the country&#8217;s healthcare, with at least one entity known to have fallen victim to its attacks.<\/p>\n<p>Previous alerts notified Healthcare and Public Health (HPH) organizations of threat actors deploying\u00a0Maui\u00a0and\u00a0Zeppelin\u00a0ransomware payloads.<\/p>\n<p>A joint advisory issued by CISA, FBI, and HHS warned in October that the Daixin Team cybercrime group also targets\u00a0the HPH sector\u00a0in ongoing ransomware attacks.<\/p>\n<p>Last but not least, Professional Finance Company Inc (PFC), a Colorado-based full-service accounts receivables management firm, disclosed in a July data breach notification that a Quantum ransomware attack from late February led to a\u00a0data breach affecting 657 healthcare orgs.<\/p>\n<p>However, the attack could have had a much more significant impact, seeing that PFC helps thousands of U.S. healthcare, government, and utility organizations to ensure that customers pay their invoices on time.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"__reading__mode__content_end_mark_container_id\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The U.S. 
Department of Health and Human Services (HHS) issued a new warning today for the country&#8217;s healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware&hellip;<\/p>\n","protected":false},"author":1,"featured_media":3336,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[73,80],"tags":[],"class_list":["post-3334","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-global","category-news"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/regtechafrica.com\/healthcare\/wp-content\/uploads\/2022\/12\/US-Health-Dept-warns-of-Royal-Ransomware-targeting-healthcare.jpg?fit=1024%2C614&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/posts\/3334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/comments?post=3334"}],"version-history":[{"count":2,"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/posts\/3334\/revisions"}],"predecessor-version":[{"id":3340,"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/posts\/3334\/revisions\/3340"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/regtechafrica.com\/
healthcare\/wp-json\/wp\/v2\/media\/3336"}],"wp:attachment":[{"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/media?parent=3334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/categories?post=3334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/regtechafrica.com\/healthcare\/wp-json\/wp\/v2\/tags?post=3334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}