Ransomware Attack on Royal Star & Garter: A Cybersecurity Threat
Incident Date:
May 22, 2024
Overview
Title
Ransomware Attack on Royal Star & Garter: A Cybersecurity Threat
Victim
Royal Star & Garter
Attacker
Ransomhouse
Location
First Reported
May 22, 2024
Ransomware Attack on Royal Star & Garter by RansomHouse
Victim Overview
Royal Star & Garter, a charity organization dedicated to providing care and support to military veterans and their families, was targeted in a cyberattack by the RansomHouse ransomware group. The organization offers residential and nursing care services, as well as support for individuals living with disabilities or mental health issues. With a revenue of $28.3 million and 367 employees, Royal Star & Garter is known for its commitment to high-quality care and support for veterans and their spouses.
Attack Overview
The cyberattack on Royal Star & Garter occurred on April 3, 2024, resulting in the encryption of approximately 300GB of the organization's data. RansomHouse, a unique data extortion group, has made evidence of the breach available for download on the dark web. The group has threatened to publicly release the stolen data unless a ransom is paid, with the disclosure date dependent on the organization's response.
RansomHouse Group
RansomHouse distinguishes itself from traditional ransomware groups by focusing on data exfiltration rather than encryption. The group claims to be a "professional mediators community" and aims to highlight security vulnerabilities in organizations. RansomHouse uses unique communication methods, such as a Tor-based chat room and a data leak blog, to negotiate ransoms and interact with victims.
Vulnerabilities
Royal Star & Garter's vulnerabilities in being targeted by threat actors include potential gaps in their cybersecurity defenses, inadequate security measures, and a lack of robust data protection protocols. The organization's focus on providing care to vulnerable populations may make it an attractive target for cybercriminals seeking to exploit sensitive information.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.