Ransomware Attack on Royal Star & Garter by RansomHouse

Victim Overview

Royal Star & Garter, a charity organization dedicated to providing care and support to military veterans and their families, was targeted in a cyberattack by the RansomHouse ransomware group. The organization offers residential and nursing care services, as well as support for individuals living with disabilities or mental health issues. With a revenue of $28.3 million and 367 employees, Royal Star & Garter is known for its commitment to high-quality care and support for veterans and their spouses.

Attack Overview

The cyberattack on Royal Star & Garter occurred on April 3, 2024, resulting in the encryption of approximately 300GB of the organization's data. RansomHouse, a unique data extortion group, has made evidence of the breach available for download on the dark web. The group has threatened to publicly release the stolen data unless a ransom is paid, with the disclosure date dependent on the organization's response.

RansomHouse Group

RansomHouse distinguishes itself from traditional ransomware groups by focusing on data exfiltration rather than encryption. The group claims to be a "professional mediators community" and aims to highlight security vulnerabilities in organizations. RansomHouse uses unique communication methods, such as a Tor-based chat room and a data leak blog, to negotiate ransoms and interact with victims.

Vulnerabilities

Royal Star & Garter's vulnerabilities in being targeted by threat actors include potential gaps in their cybersecurity defenses, inadequate security measures, and a lack of robust data protection protocols. The organization's focus on providing care to vulnerable populations may make it an attractive target for cybercriminals seeking to exploit sensitive information.

Sources:

• Royal Star & Garter Website
• RansomHouse Profile
• Threat Profile: RansomHouse
• Everything About Data Extortion Group RansomHouse
• SentinelOne: RansomHouse
• CyberInt: RansomHouse