FBI and CISA Release Joint Cybersecurity Advisory on Royal Ransomware

The Royal ransomware has targeted healthcare and public healthcare, among other critical infrastructure sectors.

By HFT Staff


The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as January 2023. 

Since approximately September 2022, cyber criminals have compromised U.S. and international organizations with a Royal ransomware variant. FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million USD in Bitcoin. In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note. Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a “.onion” URL (reachable through the Tor browser). Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, Manufacturing, Communications, Healthcare and Public Healthcare (HPH), and Education. 

FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. 

Actions to take to mitigate cyber threats from ransomware: 

  • Prioritize remediating known exploited vulnerabilities. 
  • Train users to recognize and report phishing attempts. 
  • Enable and enforce multifactor authentication. 


March 9, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

The Future of Healthcare Facility Construction Projects

Brian Cowperthwaite highlights the invisible work that impacts everyone who walks through a healthcare facility.


Ground Broken on Jupiter Medical Center's Second Hospital

The 53,000-square-foot hospital will include 29 inpatient beds, four operating rooms, 24-hour emergency services, a diagnostic laboratory and imaging services.


Singing River Health System Ensnared by Data Breach

Through an investigation, on February 10, 2026, SRHS learned that the unauthorized party had accessed certain SRHS files that contained patient information.


Partnering on Personnel: Strategies for Success

Environmental services in healthcare have special staffing circumstances. They must meet stringent compliance standards and maintain accreditations.


Kaiser Permanente Opens First Two Medical Offices in Northern Nevada

These are part of its joint venture with Renown Health.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.