FBI and CISA issue alert against Rhysida Ransomware Gang

Rhysida Ransomware has gained attention from cybersecurity agencies such as CISA and the FBI due to its unique capability to delete itself upon detection. This ransomware, operating since December 2022, poses a significant threat as it can steal sensitive information and encrypt Active Directories, demanding a ransom for decryption.

Kaspersky’s research reveals that Rhysida is equipped with an info stealer malware named Lumar, capable of extracting various sensitive information, including passwords, cookies, and cryptocurrency from wallets. Furthermore, it demonstrates the ability to bypass detection, even on the latest Windows 11 operating systems.

Fortra’s research highlights that Rhysida is actively targeting healthcare companies and the prominent Chilean firm Grupo GTD. It has expanded its operations to compromise data centers in various sectors, employing double extortion tactics.

Sophos draws parallels between Rhysida and Vice Society, noting similarities in their tactics. Vice Society is distributing the Nitrogen malware through Google Ads. However, what sets Rhysida apart is its unique organizational structure. The ransomware group operates like an IT company, maintaining a structured employee base and following corporate-like hiring practices. They also ensure their operations remain hidden from the public web by exclusively utilizing the Tor network.

In conclusion, Rhysida Ransomware stands out due to its self-deletion capability and its ability to steal sensitive information and encrypt Active Directories. It is important for organizations to stay vigilant and implement robust cybersecurity measures to protect against such threats.

Key Points:
– Rhysida Ransomware has garnered attention from cybersecurity agencies such as CISA and the FBI.
– It can delete itself upon detection, making it a significant threat.
– The ransomware is equipped with an info stealer malware named Lumar, capable of extracting sensitive information.
– Rhysida targets healthcare companies and Grupo GTD, and has expanded to other sectors.
– It operates like an IT company, adhering to corporate-like hiring practices, and conceals its operations using the Tor network.
