US Health Dept warns of Royal Ransomware targeting healthcare
"The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang.
The Health Sector Cybersecurity Coordination Center (HC3) —HHS' security team— revealed in a new analyst note published Wednesday that the ransomware group has been behind multiple attacks against U.S. healthcare orgs.
"Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector," the advisory says.
"Due to the historical nature of ransomware victimizing the healthcare community, Royal should be considered a threat to the HPH sector."
This ransomware group is focused on targeting U.S. healthcare organizations based on past successful attacks.
Until now, Royal also claimed following each healthcare compromise that they leaked all data allegedly stolen from the victims' networks online.
Sharp increase in activity since September
The Royal Ransomware gang is a private operation without affiliates and made up of experienced threat actors who worked for other groups.
Since September 2022, Royal operators have been quickly ramping up malicious activities, months after being first spotted in January 2022.
While initially, they used encryptors from other gangs like BlackCat, they quickly switched to using their own encryptors, the first being Zeon which generated Conti-like ransom notes.
Starting in mid-September, the ransomware gang rebranded again to "Royal" and uses a new encryptor that generates ransom notes with the same name.
Unusually for a ransomware gang, the group also uses social engineering to trick corporate victims into installing remote access software following callback phishing attacks where the attackers impersonate software providers and food delivery services.
After infecting their targets and encrypting systems on their enterprise network, Royal will demand ransom payments ranging from $250,000 to $2 million.
Another one of Royal's uncommon tactics is using hacked Twitter accounts to tweet information on compromised targets to journalists to have the attack covered by news outlets and put additional pressure on their victims.
These tweets will be tweeted at journalists and the owners of companies, containing a link to the leaked data allegedly stolen from victims' networks before deploying the encryptor.
Healthcare under attack
The federal government has also warned about other ransomware operations known for actively targeting healthcare organizations across the U.S.
For instance, last month, HHS warned of Venus ransomware impacting the country's healthcare, with at least one entity known to have fallen victim to its attacks.
Previous alerts notified Healthcare and Public Health (HPH) organizations of threat actors deploying Maui and Zeppelin ransomware payloads.
A joint advisory issued by CISA, FBI, and HHS warned in October that the Daixin Team cybercrime group also targets the HPH sector in ongoing ransomware attacks.
Last but not least, Professional Finance Company Inc (PFC), a Colorado-based full-service accounts receivables management firm, shared in a data breach notification in July about a Quantum ransomware attack from late February that led to a data breach affecting 657 healthcare orgs.
However, the attack could've had a much more significant impact seeing that PFC helps thousands of U.S. healthcare, government, and utility organizations to ensure that customers pay their invoices on time."
.jpg)
-
Google: How Android’s Private Compute Core protects your data
Google has disclosed more technical details about how Private Compute Core (PCC) on Android works and keeps sensitive user data processed locally on protected devices.
- December 08, 2022
- 12:00 PM
1
-
Samsung Galaxy S22 hacked again on second day of Pwn2Own
Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada.
- December 08, 2022
- 11:29 AM
- 1
-
Automated dark web markets sell corporate email accounts for $2
Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.
- December 08, 2022
- 11:22 AM
- 0
-
Get started in ethical hacking skill set with this training bundle deal
Cybersecurity and ethical hacking are moving to the center of every IT role, even if you focus on other needs within your department. This ethical hacking super bundle can help you hone your skills and face new challenges for $42.99, 98% off the $3284 MSRP.
- December 08, 2022
- 07:15 AM
- 0
-
New 'Zombinder' platform binds Android malware with legitimate apps
A darknet platform dubbed 'Zombinder' allows threat actors to bind malware to legitimate Android apps, causing victims to infect themselves while still having the full functionality of the original app to evade suspicion.
- December 08, 2022
- 05:00 AM
- 2
-
Apple rolls out end-to-end encryption for iCloud backups
Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more.
- December 07, 2022
- 03:55 PM
- 0
-
Use AI to refine your CV with this Resoume resume assistant deal
The job search is becoming more complex, and applicants need tools that stay abreast of how it's changing. This AI-powered CV builder gets you started for $39.99, 93% off the $600 MSRP.
- December 07, 2022
- 02:24 PM
- 0
-
New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices
A new Go-based malware named 'Zerobot' has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras.
- December 07, 2022
- 02:19 PM
- 2
-
CloudSEK claims it was hacked by another cybersecurity firm
Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts.
- December 07, 2022
- 01:24 PM
- 0
-
Hackers use new Fantasy data wiper in coordinated supply chain attack
The Iranian Agrius APT hacking group is using a new 'Fantasy' data wiper in supply-chain attacks impacting organizations in Israel, Hong Kong, and South Africa.
- December 07, 2022
- 12:36 PM
- 0
-
Google: State hackers still exploiting Internet Explorer zero-days
Google's Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware.
- December 07, 2022
- 12:20 PM
- 0
-
CryptosLabs ‘pig butchering’ ring stole up to $505 million since 2018
A previously unknown investment scam group named 'CryptosLabs' has stolen up to €480 million ($505 million) from victims in France, Belgium, and Luxembourg, since the launch of its operation in 2018.
- December 07, 2022
- 11:13 AM
- 0
-
Microsoft: November updates break ODBC database connections
Microsoft is working to address a new known issue affecting apps using ODBC database connections after installing the November 2022 Patch Tuesday Windows updates.
- December 07, 2022
- 10:48 AM
- 2
US Health Dept warns of Royal Ransomware targeting healthcare
The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang.
- December 08, 2022
- 05:40 PM
- 0
-
Hacked corporate email accounts used to send MSP remote access tool
MuddyWater hackers, a group associated with Iran's Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets.
- December 08, 2022
- 04:19 PM
- 0
-
CommonSpirit Health ransomware attack exposed data of 623,000 patients
CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack.
- December 08, 2022
- 03:27 PM
- 0
-
Cisco discloses high-severity IP phone bug with exploit code
Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing unpatched devices to remote code execution and denial of service (DoS) attacks.
- December 08, 2022
- 02:24 PM
- 0
-
This giant cyber security e-training bundle is just $79 today in this deal
Contemplating a career in cyber security or just IT in general? Then this online course package for just $79 may be a good choice for you. It is just $3.04 per course — which is the best price you'll find anywhere on the web.
- December 08, 2022
- 02:11 PM
- 0
-
New Google Chrome feature frees memory to make browsing smoother
Google says the latest release of Chrome for desktop devices now comes with a new performance-boosting feature designed to free up memory and make web browsing smoother.
- December 08, 2022
- 01:19 PM
- 4
-
Tor Browser 12.0 brings Apple Silicon support, Android enhancements
The Tor Project team has announced the release of Tor Browser 12.0, a major version release introducing support for Apple Silicon chips and several enhancements for the Android version.
- December 08, 2022
- 01:03 PM
- 0
-
.webp)
.webp)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
