Ransomware Attack on Royal Star & Garter: A Cybersecurity Threat

Incident Date:

May 22, 2024

World map



Ransomware Attack on Royal Star & Garter: A Cybersecurity Threat


Royal Star & Garter




Solihull, United Kingdom

, United Kingdom

First Reported

May 22, 2024

Ransomware Attack on Royal Star & Garter by RansomHouse

Victim Overview

Royal Star & Garter, a charity organization dedicated to providing care and support to military veterans and their families, was targeted in a cyberattack by the RansomHouse ransomware group. The organization offers residential and nursing care services, as well as support for individuals living with disabilities or mental health issues. With a revenue of $28.3 million and 367 employees, Royal Star & Garter is known for its commitment to high-quality care and support for veterans and their spouses.

Attack Overview

The cyberattack on Royal Star & Garter occurred on April 3, 2024, resulting in the encryption of approximately 300GB of the organization's data. RansomHouse, a unique data extortion group, has made evidence of the breach available for download on the dark web. The group has threatened to publicly release the stolen data unless a ransom is paid, with the disclosure date dependent on the organization's response.

RansomHouse Group

RansomHouse distinguishes itself from traditional ransomware groups by focusing on data exfiltration rather than encryption. The group claims to be a "professional mediators community" and aims to highlight security vulnerabilities in organizations. RansomHouse uses unique communication methods, such as a Tor-based chat room and a data leak blog, to negotiate ransoms and interact with victims.


Royal Star & Garter's vulnerabilities in being targeted by threat actors include potential gaps in their cybersecurity defenses, inadequate security measures, and a lack of robust data protection protocols. The organization's focus on providing care to vulnerable populations may make it an attractive target for cybercriminals seeking to exploit sensitive information.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.