Rhysida Ransomware

Malware updated a month ago (2024-11-29T13:54:23.178Z)
Download STIX
Preview STIX
The Rhysida ransomware, a malicious software known for exploiting and damaging computer systems, has been actively disrupting cybersecurity since May 2023. This malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The Rhysida ransomware group, suspected of having Russian ties, has claimed responsibility for multiple attacks, including a massive data breach involving 6.5 terabytes of stolen data. In September 2024, modePUSH reported that the Rhysida ransomware group, along with the BianLian group, had begun using Azure Storage Explorer to exfiltrate data from victim environments. This marked a shift from their historically popular tools like MEGAsync and rclone. In October 2024, Trend Micro noted that a ransomware actor mimicking the notorious LockBit ransomware group was using samples that leverage Amazon’s S3 storage to exfiltrate data stolen from targeted Windows or macOS systems. Significant incidents associated with the Rhysida ransomware include an attack on the Port of Seattle in August 2024, which affected critical systems including the Seattle-Tacoma International Airport. The group also claimed responsibility for an attack on a city while law enforcement was investigating the incident. The FBI and CISA have issued warnings about these attacks, highlighting the growing threat posed by the Rhysida ransomware gang.
Description last updated: 2024-11-15T16:16:14.616Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Vice Society is a possible alias for Rhysida Ransomware. Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppe
6
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Windows
Ransom
Malware
Health
RaaS
Healthcare
Bitcoin
Hospital
Vulnerability
Medical
Encryption
Hospitals
Payload
Lateral Move...
Apt
Zero Day
CISA
Extortion
Cybercrime
Spyware
Exploit
Phishing
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Rhysida Ransomware. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
3
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Rhysida Threat Actor is associated with Rhysida Ransomware. Rhysida is a globally active threat actor known for its ransomware operations, which have impacted a wide range of sectors, particularly the government and public sector. Their use of CleanUpLoader makes their operations highly effective and difficult to detect, as it not only facilitates persistencUnspecified
12
Source Document References
Information about the Rhysida Ransomware Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
InfoSecurity-magazine
a month ago
BankInfoSecurity
2 months ago
InfoSecurity-magazine
2 months ago
Securityaffairs
2 months ago
InfoSecurity-magazine
2 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Checkpoint
3 months ago
Securityaffairs
3 months ago
DARKReading
4 months ago
DARKReading
4 months ago
Checkpoint
4 months ago
Checkpoint
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Checkpoint
5 months ago
Securityaffairs
5 months ago
Checkpoint
5 months ago
Securityaffairs
5 months ago