The healthcare sector is under threat of cyberattacks from a human-operated ransomware, Royal, warned the Department of Health and Human Services (HHS).
Royal was first observed in September 2022, and once a system is infected, the attackers demand anywhere from $250,000 to $2 million as ransom for the provider to get its data back. According to HHS, the attackers are experienced actors from other groups who use elements observed in previous ransomware operations. The group steals data and extorts sensitive information to make its demands.
“Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal,” HHS warned Dec. 7.
HHS called Royal “a threat” to the healthcare and public healthcare sector. Once the group has access to a network, they are known to perform activities that have been observed in other ransomware attacks, including deploying Cobalt Strike, harvesting credentials and encrypting files through a system. The ransom notes appear in a README.TXT, which also contains a link to the victim’s private negotiation page.
The ransomware targets Windows systems, and multiple actors have been spreading Royal ransomware.
“The group has been delivering the malware with human-operated attacks and has displayed innovation in their methods by using new techniques, evasion tactics and post-compromise payloads,” HHS said. “The group has been observed embedding malicious links in malvertising, phishing emails, fake forums and blog comments.”
While HHS knows Royal is a threat, the ransomware is still new, meaning there is still a lot unknown about the malware and its operators. So far, Royal ransomware has been focused on U.S. healthcare companies, and the threat actor has claimed to have published 100% of the data that was allegedly extracted from the victim.
The warning comes as cyberattacks on the healthcare industry have worsened and become more costly for affected healthcare organizations. On average, data breaches cost $10 million. Healthcare companies are particularly vulnerable to attacks because of the large amount of sensitive data they hold. In fact, healthcare data breaches jumped three-fold in 2021, according to one report. HHS has previously warned that electronic health records (EHR) systems are vulnerable to cyberattacks.
With so many cyberattacks hitting the healthcare sector, some reports have suggested that the HHS Office of Civil Rights, which is responsible for investigating data breaches, has been ineffective at improving or investigating cyber crime.