The team behind the Rhysida Ransomware has carried out many attacks on critical organisations, such as hospitals, power stations, power plants Energy and schools in the UK, Europe and the Middle East.
It appeared in May 2023, and within nine months had attacked 77 companies and public organisations, according to the allegations of hackers. The security research team of eSentire, Threat Response Unit (TRU), studied the attacks and confirmed the authenticity of the victims listed on the leak website data of the Rhysida ransomware group.
Recent targets of Rhysida attacks include critical infrastructure. Acting as a provider Ransomware-as-a-Service (RaaS), Rhysida offers its tools and infrastructure to other cybercriminals, who carry out their attacks and then give part of the ransom to the Rhysida developers.
See also: Decryption Tool for Rhysida Ransomware!
New findings on Rhysida ransomware and relationship with Vice Society
According to a Report TRU (reported in Infosecurity Magazine), similarities were identified between the Rhysida Group's tactics, techniques and procedures (TTP) and those of vice society. This connection had previously been made by the researchers of Check Point.
According to eSentire, the Vice Society was very active until May 2023. At that time, the Rhysida ransomware appeared. Previously, Vice Society had targeted organizations in the education and health care, as the Rhysida group has recently done.
Mode of operation and impact of attacks
The Rhysida ransomware group uses double blackmail tactics, like most gangs today. Hackers are stealing data from targeted systemsbefore encrypting the files. They then demand huge sums of money from the victims to regain access to their data and avoid making the stolen information public.
One of the most recent and significant attacks, using the tactic of double blackmail, was the one in British Library.
See also: Wolverine: Rhysida ransomware leaks game data
“The Rhysida hackers not only encrypted many of the library's systems, but also stole 600 gigabytes of information, including personal information related to some of the Employees of the library", eSentire wrote.
Protection from attacks
According to the Keegan Keplinger, a senior threat researcher at eSentire's TRU, the hackers behind Rhysida are targeting some of a company's most valuable and sensitive data.
Strong measures are therefore necessary Security to protect against ransomware attacks:
One of the most effective methods of protection against ransomware is the update and the user education. Users should be aware of the risks associated with opening suspicious emails or visiting untrustworthy websites.
See also: Wolverine: Rhysida ransomware leaks game data
The installation of a reliable security software is another important method of protection. This software must include protection against malware, ransomware protection, phishing and virus protection.
Also, the regular backups of important data can prevent data loss in the event of a ransomware attack. Backups should be stored in a safe place, offline.
Finally, the updating the operating system and applications is vital to protect against ransomware. The updates often include security patches that can prevent ransomware attacks.
Source : www.infosecurity-magazine.com
