Rhysida Ransomware has gained attention from cybersecurity agencies such as CISA and the FBI due to its unique capability to delete itself upon detection. This ransomware, operating since December 2022, poses a significant threat as it can steal sensitive information and encrypt Active Directories, demanding a ransom for decryption.
Kaspersky’s research reveals that Rhysida is equipped with an info stealer malware named Lumar, capable of extracting various sensitive information, including passwords, cookies, and cryptocurrency from wallets. Furthermore, it demonstrates the ability to bypass detection, even on the latest Windows 11 operating systems.
Fortra’s research highlights that Rhysida is actively targeting healthcare companies and the prominent Chilean firm Grupo GTD. It has expanded its operations to compromise data centers in various sectors, employing double extortion tactics.
Sophos draws parallels between Rhysida and Vice Society, noting similarities in their tactics. Vice Society is distributing the Nitrogen malware through Google Ads. However, what sets Rhysida apart is its unique organizational structure. The ransomware group operates like an IT company, maintaining a structured employee base and following corporate-like hiring practices. They also ensure their operations remain hidden from the public web by exclusively utilizing the Tor network.
– Rhysida Ransomware has garnered attention from cybersecurity agencies such as CISA and the FBI.
– It can delete itself upon detection, making it a significant threat.
– The ransomware is equipped with an info stealer malware named Lumar, capable of extracting sensitive information.
– Rhysida targets healthcare companies, Grupo GTD, and has expanded to other sectors.
– It operates like an IT company, adhering to corporate-like hiring practices, and conceals its operations using the Tor network.