Rhysida (hacker group)

Rhysida is a ransomware group that encrypts data on victims' computer systems and threatens to make it publicly available unless a ransom is paid. The group uses eponymous ransomware-as-a-service techniques, targets large organisations rather than making random attacks on individuals, and demands large sums of money to restore data. The group perpetrated the notable 2023 British Library cyberattack and Insomniac Games data dump. It has targeted many organisations, including some in the US healthcare sector, and the Chilean army. In November 2023, the US agencies Cybersecurity and Infrastructure Security Agency (CISA), FBI and MS-ISAC published an alert about the Rhysida ransomware and the actors behind it, with information about the techniques the ransomware uses to infiltrate targets and its mode of operation. The group may be based in the Commonwealth of Independent States. The group takes its name from the genus of centipedes, and uses a centipede logo.


Attacks

* British Library cyberattack, 2023
* Insomniac Games data dump, releasing details of the Marvel's Wolverine game and employee details.
* Chilean army
* City of Columbus, Ohio in July 2024 where over 3 TB of data was released onto the dark web, after an attempt to extort $1.7M (30 Bitcoin) from the city.
* Seattle-Tacoma International Airport, August 2024
* Rutherford County Schools (Tennessee), November 2024
* Pembina Trails School Division, December 2024


Ransomware as a service

The US CISA report states:

