Rhysida Ransomware

Malware updated 4 days ago (2024-09-04T00:17:48.192Z)
Rhysida ransomware is malicious software that infiltrates systems, often without the user's knowledge, with the intention of exploiting and damaging them. It can infect systems through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The Rhysida ransomware gang has been responsible for multiple attacks on various organizations, and its activities have drawn warnings from both the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).

In July, the Rhysida ransomware group attacked the city of Columbus, demanding $1.9 million in Bitcoin. When the city refused to pay the ransom, the group released 6.5 terabytes of data. In early August, the group leaked an additional 3.1TB of data on its Tor-based site, claiming it was stolen from Columbus' systems. The stolen data allegedly included sensitive information such as passports and Social Security numbers.

The Rhysida ransomware gang has not limited its activities to the United States. The group has claimed responsibility for hacking three more US hospitals, the Kuwait Ministry of Finance, and even the British Library. It has also claimed to have hacked China Energy, King Edward VII’s Hospital in London, and Abdali Hospital in Jordan. These actions demonstrate a global reach and a willingness to target a wide range of institutions, posing significant cybersecurity threats worldwide.
Description last updated: 2024-09-04T00:15:30.072Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Vice Society | 6 | Vice Society, a threat actor group known for its malicious activities, has been linked to a series of ransomware attacks targeting various sectors, most notably education and healthcare. Throughout 2022 and the first half of 2023, Vice Society, along with Royal Ransomware, were actively executing mu
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Windows
Health
Malware
Vulnerability
Hospital
Healthcare
Medical
RaaS
Bitcoin
Encryption
Hospitals
Payload
Lateral Move...
Apt
Zero Day
CISA
Extortion
Cybercrime
Spyware
Exploit
Phishing
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 2 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Associated Threat Actors
ID | Type | Votes | Profile Description
Rhysida | Unspecified | 11 | Rhysida, a threat actor active since May 2023, is responsible for a series of ransomware attacks, with a significant focus on the healthcare sector. It accounts for 8% of total cyberattacks, with 38% of its attacks targeting healthcare institutions. The group's modus operandi includes transferring R
Source Document References
Information about the Rhysida Ransomware Malware was read from the documents corpus below. This display is limited to 20 results.
Source Link | CreatedAt | Title
DARKReading | a day ago | CISA Flags ICS Bugs in Baxter, Mitsubishi Products
DARKReading | 4 days ago | City of Columbus Sues Researcher After Ransomware Attack
Checkpoint | 13 days ago | 26th August – Threat Intelligence Report - Check Point Research
Checkpoint | a month ago | 12th August – Threat Intelligence Report - Check Point Research
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Rhysida Ransomware gang claims the hack of Bayhealth Hospital
Checkpoint | a month ago | 5th August – Threat Intelligence Report - Check Point Research
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
Checkpoint | 2 months ago | 22nd July – Threat Intelligence Report - Check Point Research
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
BankInfoSecurity | 2 months ago | Breach Roundup: North Korean Hackers Target macOS Users
Securityaffairs | 2 months ago | MarineMax data breach impacted over 123,000 individuals
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
BankInfoSecurity | 2 months ago | What's the Best Strategy for Exploiting Flaws in Ransomware?
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | 2 months ago | Hundreds of Thousands Impacted in Children's Hospital Cyberattack
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION