Rhysida (hacker group)
Rhysida is a ransomware group that encrypts data on victims' computer systems and threatens to make it publicly available unless a ransom is paid. The group uses eponymous ransomware-as-a-service techniques, targets large organisations rather than making random attacks on individuals, and demands large sums of money to restore data.
The group perpetrated the notable 2023 British Library cyberattack and Insomniac Games data dump. It has targeted many organisations, including some in the US healthcare sector, and the Chilean army.
In November 2023, the US agencies Cybersecurity and Infrastructure Security Agency (CISA), FBI and MS-ISAC published an alert about the Rhysida ransomware and the actors behind it, with information about the techniques the ransomware uses to infiltrate targets and its mode of operation.
The group may be based in the Commonwealth of Independent States.
The group takes its name from the genus of centipedes, and uses a centipede logo.
Attacks
- British Library cyberattack, 2023
- Insomniac Games data dump, releasing details of the Marvel's Wolverine game and employee details.
- Chilean army
- City of Columbus, Ohio in July 2024 where over 3 TB of data was released onto the dark web, after an attempt to extort $1.7M (30 Bitcoin) from the city.
- Seattle-Tacoma International Airport, August 2024
- Rutherford County Schools (Tennessee), November 2024
- Pembina Trails School Division, December 2024
Ransomware as a service
The US CISA report states: