FBI and CISA Release Joint Cybersecurity Advisory on Royal Ransomware

The Royal ransomware has targeted healthcare and public healthcare, among other critical infrastructure sectors.

By HFT Staff


The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as January 2023. 

Since approximately September 2022, cyber criminals have compromised U.S. and international organizations with a Royal ransomware variant. FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million USD in Bitcoin. In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note. Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a “.onion” URL (reachable through the Tor browser). Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, Manufacturing, Communications, Healthcare and Public Healthcare (HPH), and Education. 

FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. 

Actions to take to mitigate cyber threats from ransomware: 

  • Prioritize remediating known exploited vulnerabilities. 
  • Train users to recognize and report phishing attempts. 
  • Enable and enforce multifactor authentication. 


March 9, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

Making AI Work for Predictive Maintenance

AI can support predictive maintenance by helping managers anticipate equipment failures, reduce downtime and improve operational efficiency.


Thomas Jefferson University Unveils Plans for Sidney Kimmel Medical College in Allentown, PA

Located at One Center Square, in downtown Allentown, the campus will include more than 54,000 square feet of newly constructed medical education space.


Aspirus Chippewa Falls Hospital and Clinic to Open in September

The approximately 35,000-square-foot facility is designed around the needs of patients and families, bringing together hospital, clinic and diagnostic services in one location.


Respecting EVS Workers: 19 Minutes Is Not Enough

The infection control problem is time, and it's up to facility managers, EVS directors and infection preventionists to address the problem.


Where are the Greenhouse Gas Emissions Hotspots in Healthcare?

First-year findings from Boston Medical Center show medical waste generates a disproportionate amount of healthcare emissions.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.