A warning from the US Department of Health and Human Services – a new ransomware gang, the Royal ransomware gang, is targeting US healthcare organizations.
A history of the group. The Royal Ransomware gang is a private operation without affiliates and made up of experienced threat actors who worked for other groups.
Since September 2022, Royal operators have been quickly ramping up malicious activities, months after being first spotted in January 2022.
While initially, they used encryptors from other gangs like BlackCat, they quickly switched to using their own encryptors, the first being Zeon which generated Conti-like ransom notes.
Why do we care?
I wanted to highlight ransomware operators going vertical. Sure, there’s a tactical warning here for those in healthcare, but that is a lot less interesting than discussing the adversary.
This ransomware group focuses on a specific industry, building its technology and not risking exposure by working with affiliates. That’s a specific business strategy, and we’d be applauding their focus if they were a technology startup. That’s the insight I’m considering today.
The adversary steps up their game, and thus why HHS has warned us.
