The Royal ransomware group recently claimed they carried out a cyberattack against telecom company Intrado at the start of this month and stole critical corporate data. Now, they threaten to publish it if they don’t get a hefty ransom.
While the allegedly stolen data hasn’t been leaked yet, the attackers shared an archive of scans of exfiltrated documents, including passports, business documents and driver’s licenses, to back their claims.
Intrado hasn’t disclosed any details of the attack, but the threat actors demanded an initial ransom of $60 million for the Dec. 1 attack, according to BleepingComputer.
Royal is a private ransomware operation run by seasoned cybercriminals, without affiliates. The gang deals in double-extortion attacks, demanding ransom to restore stolen data and not leak it to the public. Royal has been previously spotted in attacks against US healthcare organizations.
The Intrado incident seems to be linked to a widespread outage that affected the company in early December, as the dates of the incidents coincide. The issue impacted all of Intrado’s services, including Unified Communication Services, Healthcare and Unified Communications as a Service (UCaaS), and rendered clients unable to contact the company via phone.
Since the incident, Intrado has brought back most of the affected services, but it’s still struggling to restore healthcare services fully.
"While we have made significant progress restoring service across all platforms, we are still experiencing some intermittent issues with notifications not being made for some accounts," Intrado’s announcement reads. “We are concentrating all of our resources on full resolution. Thank you for your continued patience.”