New ransomware threat for struggling health services

Multiple cases of monkeypox in Europe, the UK, Canada and the United States have health authorities worried that the dangerous, though usually not life-threatening, disease could be spreading – Copyright AFP Olga MALTSEVA

The U.S. Department of Health and Human Services (HHS) has issued a warning about Royal Ransomware. This ransomware group is focused on targeting U.S. healthcare organizations based on past successful attacks.

Looking into the ramifications for Digital Journal is Katherine Ledesma, who is the Senior Partnerships and Government Affairs Director at the company SecurityScorecard.

Ledesma starts by considering the specific nature of recent attacks: “SecurityScorecard’s STRIKE Threat Intelligence team has been tracking the Royal Ransomware group since it first appeared as a threat in 2022 and observed it being particularly active during recent months.”

In terms of the impact upon an infected system,  Ledesma  says: “The ransomware deletes all Volume Shadow Copies and avoids specific file extensions and folders. It encrypts the network shares found in the local network and the local drives. Files are then encrypted using the AES algorithm. Royal’s malware can fully or partially encrypt a file based on the file’s size and the “-ep” parameter, changing the extension of the encrypted file to ‘.royal’.”

The cybersecurity risk is part of several afflicting area like health and medicine. According to Ledesma: “The cost of cyberattacks is the highest in the healthcare industry, as personally identifiable information can be sold for top dollar on the dark web, putting patients’ safety at risk.”

Ledesma sees further weaknesses around digitalisation and automation, especially with: “Cybersecurity challenges within the healthcare industry are increasing as the sector grows more dependent on technology to perform daily operations, the record number of mergers and acquisitions, and the associated challenges of integrating disparate IT systems.”

There are measure that organisations can consider putting in place to counter-act these types of security risks. Ledesma recommends: “To better prepare for future Royal Ransomware threats, healthcare organizations must take steps to improve their cyberhealth. This includes monitoring expansive vendor and IoT ecosystems.”

Businesses need to focus on strengthening their security defences by implementing multifactor authentication, keeping operating systems up to date, and maintaining offline backups.

Ledesma also advises: “Health organizations can quickly identify risks and prioritize remediation activities when they have a comprehensive view of their IT infrastructure. Additionally, it is essential that organizations proactively and continuously assess security controls via a trusted third party. They can also use this as a proactive measure in performing due diligence surrounding M&A.”

Ledesma’s final note of caution is: “Security teams should participate in tabletop exercises and threat emulation to ensure they are familiar with countering and responding to threat actors such as Royal.”