Healthcare systems face a “royal” cybersecurity threat from new hacker group
2022-12-09 21:18

U.S. healthcare organizations could be in the crosshairs of a new cyberthreat collective dubbed Royal.

The warning from HHS's Health Sector Cybersecurity Coordination Center (HC3) identified the relatively new group as the perps behind several attacks first appearing in September 2022 against Healthcare and Public Healthcare targets.

According to the report, the Royal ransomware group - an apparently money-motivated outfit with no affiliates - deploys a 64-bit executable written in C++ targeting Windows systems.

A report last month from Microsoft Security noted that the Royal ransomware is also being distributed by the threat group DEV-0569, which, according to Microsoft, is actively evolving to incorporate new "Discovery techniques, defense evasion and various post-compromise payloads, alongside increasing ransomware facilitation."

The Royal group's own tactics are evolving, according to HC3, which reported that Royal started with an encryptor from ransomware-as-a-service purveyor ALPHV, aka BlackCat, then began using its own encryptor, which generates a ransom note in a README.TXT file with a link to the victim's private negotiation page.

"Royal is a newer ransomware, and less is known about the malware and operators than others," said HC3. "Additionally, on previous Royal compromises that have impacted the HPH sector, they have primarily appeared to be focused on organizations in the United States. In each of these events, the threat actor has claimed to have published 100% of the data that was allegedly extracted from the victim."


News URL

https://www.techrepublic.com/article/healthcare-systems-face-royal-cybersecurity-threat/