FBI and CISA Release Joint Cybersecurity Advisory on Royal Ransomware

The Royal ransomware has targeted healthcare and public healthcare, among other critical infrastructure sectors.

By HFT Staff


The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as January 2023. 

Since approximately September 2022, cyber criminals have compromised U.S. and international organizations with a Royal ransomware variant. FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million USD in Bitcoin. In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note. Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a “.onion” URL (reachable through the Tor browser). Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, Manufacturing, Communications, Healthcare and Public Healthcare (HPH), and Education. 

FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. 

Actions to take to mitigate cyber threats from ransomware: 

  • Prioritize remediating known exploited vulnerabilities. 
  • Train users to recognize and report phishing attempts. 
  • Enable and enforce multifactor authentication. 


March 9, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

Change Healthcare Cyberattack Prompts Cybersecurity Advisory

The party behind this attack has been identified as the ALPHV Blackcat ransomware group.


Managed Service Providers: An Alternative to In-House IT

UTMC is one such case of using an MSP for their IT needs.


ChristianaCare Partners with Emerus Holdings to Develop Three Hospitals

The three neighborhood hospitals are expected to open in Pennsylvania in 2025.


Ohio University Hertiage College of Osteopathic Medicine Awarded WELL Certification

HCOM’s Heritage Hall received the WELL Certification at the Silver level.


Maximizing Safety Through Digital Training

By embracing technology-driven training, managers help deliver high-quality care while minimizing risks and enhancing overall safety.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.