The Royal cyber threat group may target healthcare organizations in the United States. An analyst note describing the danger and the hacker group’s strategies was released this week by the U.S. Department of Health and Human Services.
According to the alert from HHS’s Health Sector Cybersecurity Coordination Center, the relatively new gang was identified as the perpetrator behind various attacks against Healthcare and Public Healthcare targets that first surfaced in September 2022. According to HC3, the gang has made millions of dollars in ransom demands, and its continued presence poses a real and present danger to the HPH industry.
The research claims that the Royal ransomware group, an unaffiliated organization that appears to be driven by money, uses a 64-bit C++ executable to target Windows systems. The Microsoft Windows capability that may produce real-time backup copies of files or folders can be used to remove all volume shadow copies.
According to the Center, the demanded ransom can be anywhere between $250,000 and over $2 million after a system has been infected. Royal is made up of skilled actors from different groups who initially used ransomware-as-a-service strategies, according to the Center.
In a report released last month, Microsoft Security noted that the threat group DEV-0569 is actively evolving to include new “discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation,” is also responsible for spreading the Royal ransomware.
According to the research, DEV-0569 “relies on malicious advertising, phishing URLs that lead to a malware downloader posing as software installers or updates inserted in spam emails, bogus forum posts, and blog comments.”
Microsoft also noted that DEV-0569 is putting malicious installer files on websites and repositories that appear to be legitimate sources of software, employing negative advertising in Google Adwords, leveraging an organization’s contact form to get around email security, and more.