The Health Sector Cybersecurity Coordination Center issued a brief Jan. 12 warning the healthcare sector about the tactics and exploitation techniques used by Royal ransomware and BlackCat ransomware, two ransomware groups that have been aggressively targeting the U.S. healthcare sector.
Seven things to know about the ransomware groups, according to HHS:
- Royal ransomware was first observed in 2022 and is a "relatively new, but highly capable" threat to the healthcare sector.
- Royal is the ransomware of choice for some experienced operators, including those who previously took part in Conti ransomware operations.
- Royal is a financially motivated group and has a history of victimizing the healthcare sector.
- BlackCat ransomware was first detected in November 2021 and compromised at least 60 victims in just four months.
- The group is suspected to be a successor of the notorious Darkside/BlackMatter groups.
- The group has stated that it does not attack state medical institutions, hospitals and ambulances. However, it is not against targeting private clinics and pharmaceutical companies.
- BlackCat leverages two encryption algorithms and six encryption modes.