Rhysida Ransomware Epidemic
As of May 2023, the ransomware group Rhysida has caused serious damage, with at least 62 companies falling victim to its attacks, according to reports.
These attacks span various sectors such as education, healthcare, construction, technology, and government, impacting them significantly.
The attacks carried out by the Rhysida group have significant implications for the overall cybersecurity landscape. The Rhysida team is known for conducting ransomware attacks, encrypting victims’ files and demanding ransoms for their decryption. These attacks have caused substantial economic damage and raised concerns in various sectors of society.
An open-source report reveals significant similarities between the activities of the Vice Society (DEV-0832) group and the Rhysida ransomware. Rhysida operates as a Ransomware-as-a-Service (RaaS), sharing profits from ransoms. Attackers use external services and employ techniques like Zerologon for initial network access. Additionally, the report describes the use of Zerologon (CVE-2020-1472), a vulnerability in Microsoft’s Netlogon Remote Protocol, in phishing attempts, as well as the use of network management tools.
This group threatens to auction off stolen company data, and recently, the British Library has become one of its victims.
The #StopRansomware initiative addresses the attacks by the Rhysida group and other ransomware groups. The initiative aims to inform and educate the public about the threats posed by ransomware and to provide guidelines for protection and mitigation. Through this initiative, authorities seek to reduce the success of ransomware attacks and safeguard users and businesses from the negative consequences.