FBI and CISA Release Joint Cybersecurity Advisory on Royal Ransomware

The Royal ransomware has targeted healthcare and public healthcare, among other critical infrastructure sectors.

By HFT Staff


The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as January 2023. 

Since approximately September 2022, cyber criminals have compromised U.S. and international organizations with a Royal ransomware variant. FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million USD in Bitcoin. In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note. Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a “.onion” URL (reachable through the Tor browser). Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, Manufacturing, Communications, Healthcare and Public Healthcare (HPH), and Education. 

FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. 

Actions to take to mitigate cyber threats from ransomware: 

  • Prioritize remediating known exploited vulnerabilities. 
  • Train users to recognize and report phishing attempts. 
  • Enable and enforce multifactor authentication. 


March 9, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

CRAB Alert: The EVS Role in Preventing Infection

CRAB is a Gram-negative bacterium that causes bloodstream infections, ventilator-associated pneumonia, surgical wound infections and meningitis in hospitalized patients.


Why Hospital Waiting Rooms Aren't Going Away

Despite advances in technology, thoughtfully designed reception spaces continue to evolve.


Ground Broken on Mount Sinai Tisch Cancer Hospital

The hospital is aiming to open in 2030 on Mount Sinai’s Upper East Side campus.


Design, Compartmentation, Training: How Defend-in-Place Strategies Can Protect Patients

Effective defend-in-place strategies depend on compartmentation, fire-rated assemblies and ongoing staff training to protect patients who cannot quickly evacuate.


Milestone Marked with Topping Out Ceremony for BayCare Hospital Manatee

Construction remains on schedule, with crews continuing work on interior spaces, infrastructure and clinical areas throughout the facility.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.