The FBI and Cybersecurity and Infrastructure Security Agency today released an update on Royal ransomware and encouraged health care and other critical infrastructure organizations to take certain steps to defend their networks from the latest variant, which disables antivirus software and exfiltrates data before encrypting systems and demanding millions of dollars in ransom.
 
“The Russian-speaking Royal ransomware gang continues to be a significant threat to the health care and other sectors,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “As indicated last week, the government believes that the Royal gang is related to the current BlackSuit ransomware gang and may use some of the same methodology and malware coding. Today’s alert on Royal indicates the group is primarily using phishing emails to deliver ransomware, then exploits known vulnerabilities, disables antivirus software and utilizes legitimate penetration testing software tools such as Cobalt Strike to exfiltrate data. In addition to loading the latest indicators of compromise, it is recommended that network and security monitoring tools include alerts for activation of Cobalt Strike and similar tools, along with alerts for the disablement of antivirus software. Known and exploited vulnerabilities, although a constant challenge to patch, remain a constant threat vector leveraged by the ‘bad guys’.”
 
For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
U.S. and international agencies Feb. 29 urged health care and other critical infrastructure organizations using Ivanti Connect Secure VPN and Ivanti Policy…
Perspective
The cyberattack against Change Healthcare that began on Feb. 21 is the most serious incident of its kind leveled against a U.S. health care organization.Nine…
Headline
Organizations using the National Institute of Standards and Technology’s Cybersecurity Framework as their primary cybersecurity framework report one-third…
Headline
President Biden Feb. 28 directed the Department of Justice to issue regulations to protect personal health and other data from countries known to collect and…
Headline
The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services Feb. 27 released updated recommendations to help…
Headline
Russian state-sponsored cyber actors are using compromised Ubiquiti EdgeRouters to facilitate malicious cyber operations worldwide, the FBI and other agencies…