
Royal Ransomware Launches Attacks on US Healthcare Organizations, Government Warns

Vlad CONSTANTINESCU

December 09, 2022


A new ransomware campaign is attacking healthcare organizations in the United States in a malicious operation dubbed Royal, the US Department of Health and Human Services (HHS) said in a security advisory.

Royal, first noticed in September, doesn’t function on the Ransomware-as-a-Service (RaaS) model like other operations. Instead, it seems to run as a private group without affiliates.

However, researchers have identified shared “elements from previous ransomware operations,” leading them to believe that seasoned threat actors from other cybercrime groups could be part of the operation.

The financially motivated threat group deals in double-extortion attacks, requesting hefty ransoms to restore stolen data and not leak sensitive documents to the public. Ransom demands range anywhere from $250,000 to over $2 million.

“Once a network has been compromised, they will perform activities commonly seen from other operations, including deploying Cobalt Strike for persistence, harvesting credentials, and moving laterally through a system until they ultimately encrypt the files,” HHS said in the announcement. “Originally, the ransomware operation used BlackCat’s encryptor, but eventually started using Zeon, which generated a ransomware note that was identified as being similar to Conti’s.”

The 64-bit executable spread by Royal ransomware operators, written in C++, deletes all Volume Shadow Copies, leaving victims unable to recover compromised files from point-in-time copies. It encrypts shares on the local network and local drives using the AES algorithm, then encrypts the AES key and initialization vector (IV) with an RSA public key that is hardcoded into the executable. After encrypting files, the malicious executable appends the “.royal” extension to them.
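The two behaviors described above, shadow copy deletion and files renamed with the “.royal” extension, can be correlated per host in endpoint telemetry. The following is an added example, not code from HHS or Bitdefender; the event tuple layout, host names, severity labels and the `vssadmin`/`wmic` command lines are assumptions about how these actions appear in logs, since the article does not name the commands used.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the advisory): (host, event kind, detail).
SAMPLE_EVENTS = [
    ("ws-01", "process", r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("ws-01", "file_rename", r"\\fs01\share\q3-report.docx.royal"),
    ("ws-01", "file_rename", r"D:\scans\patient-0001.pdf.royal"),
    ("ws-01", "file_rename", r"D:\scans\patient-0002.pdf.royal"),
    ("ws-02", "process", r"C:\Windows\System32\vssadmin.exe list shadows"),
    ("ws-02", "file_rename", r"C:\Users\ann\notes.txt.bak"),
    ("ws-03", "file_rename", r"C:\Users\bob\brand.royal"),
]

# Assumed command lines for deleting Volume Shadow Copies (standard Windows tools).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
# Extension the article says is appended after encryption.
ROYAL_EXT = re.compile(r"\.royal$", re.I)


def triage(events, rename_threshold=3):
    """Return {host: severity} for hosts showing either behavior.

    critical: shadow copy deletion and at least one .royal rename on the same host
    high:     shadow copy deletion alone, or a burst of .royal renames
    review:   isolated .royal renames below the threshold (possible false positive)
    """
    shadow_hosts = set()
    renames = defaultdict(int)
    for host, kind, detail in events:
        if kind == "process" and SHADOW_DELETE.search(detail):
            shadow_hosts.add(host)
        elif kind == "file_rename" and ROYAL_EXT.search(detail):
            renames[host] += 1

    findings = {}
    for host in shadow_hosts | set(renames):
        count = renames.get(host, 0)
        if host in shadow_hosts and count:
            findings[host] = "critical"
        elif host in shadow_hosts or count >= rename_threshold:
            findings[host] = "high"
        else:
            findings[host] = "review"
    return findings


if __name__ == "__main__":
    for host, severity in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, severity)
```

Listing shadow copies (`ws-02`) is not flagged; only deletion is, and a single stray `.royal` file (`ws-03`) is kept at review level rather than raised as an incident.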


Specialized software solutions such as Bitdefender Ultimate Security can keep you safe from ransomware attacks and other e-threats with features like:

  • Multi-layered ransomware protection that keeps your documents, videos, pictures and music safe from all kinds of ransomware attacks
  • Advanced threat defense module that closely monitors active apps and takes instant action upon suspicious activity detection
  • All-around, continuous monitoring and protection against ransomware, viruses, Trojans, worms, zero-day exploits, spyware, rootkits and other e-threats
  • Network threat prevention technology that identifies and blocks suspicious network-level activities, including botnet-related URLs, brute force attacks and sophisticated exploits
