Rhysida Ransomware Gang
Actor Type: Criminal Group
Rhysida operates a 'ransomware-as-a-service' offering which was reportedly first observed in May 2023. Ransomware attacks using Rhysida typically employ the 'double extortion' approach: stealing data before encrypting systems and data. The group then requests payment for access to a decryption key and to prevent exposure or sale of the stolen data.
Rhysida has extorted at least dozens of victims across multiple sectors and geographies.
Reports suggest that the criminal operation behind Rhysida has actually been active since 2021, being previously tracked under the name 'Gold Victor', and linked to the Vice Society ransomware operation.
Rhysida Ransomware Gang Threat Reports
StopRansomware: Rhysida Ransomware
This is a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and ...
References
https://www.secureworks.com/research/threat-profiles/gold-victor
https://www.logpoint.com/en/blog/emerging-threats/uncovering-rhysida-and-their-activities/
https://www.fortinet.com/blog/threat-research/ransomware-roundup-rhysida
https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/rhysida-ransomware-intrusion.pdf
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a
https://www.logpoint.com/wp-content/uploads/2023/12/logpoint-etpr-rhysida.pdf
https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf
https://www.theguardian.com/technology/2023/nov/24/rhysida-the-new-ransomware-gang-behind-british-library-cyber-attack
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.