The US Department of Health and Human Services (HHS) warned the healthcare industry about new Royal ransomware.
Royal ransomware targeting the healthcare and public health sector (HPH) was first observed in September 2022. Once a network is compromised, files are encrypted.
The requested demand for payment ranges from $250,000 to over $2 million.
According to HHS, Royal appears to be a private group without any affiliates while maintaining financial motivation as its goal. In addition, the group claims to steal data for double-extortion attacks, meaning that they also exfiltrate sensitive data.
“Royal is a newer ransomware, and less is known about the malware and operators than others. Additionally, on previous Royal compromises that have impacted the HPH sector, they have primarily appeared to be focused on organizations in the United States,” the HHS report says.
During previous attacks, the threat actor has claimed to have published 100% of the data that was allegedly extracted from the victim, the HSH says.
Having your medical records stolen and exposed may have dire consequences, such as identity theft.