Rhysida Ransomware
What is Rhysida Ransomware?
A ransomware-as-a-service group first observed in May 2023, known for targeting healthcare, education, and government victims and for high-profile attacks including the British Library and Insomniac Games breaches.
Rhysida is a ransomware-as-a-service group that emerged in May 2023 and quickly became one of the more active newcomers of the 2023–2025 cybercrime landscape, part of the cohort that gained ground as LockBit and ALPHV/BlackCat were disrupted. The encryptor is a 64-bit Windows executable compiled with MinGW/GCC; it encrypts files with ChaCha20 (via the LibTomCrypt library), protects the per-file keys with a 4096-bit RSA public key, appends the `.rhysida` extension to encrypted files, and drops the ransom note `CriticalBreachDetected.pdf`. Rhysida practices double extortion: affiliates exfiltrate data before encryption, and victims who do not pay are listed on the group's Tor leak site, where the stolen data is auctioned or published. Victims span an unusually broad mix of sectors: local government, K-12 schools and universities, hospitals (Prospect Medical Holdings in August 2023, plus U.K. healthcare providers), the British Library (October 2023, a months-long outage), and Insomniac Games (a Sony subsidiary, December 2023). Initial access has come through VPN credentials harvested by infostealers for accounts without MFA, phishing, and exploitation of known vulnerabilities such as Zerologon (CVE-2020-1472); affiliates then rely on Cobalt Strike, PsExec, AnyDesk or similar remote-management tools, and Mimikatz for lateral movement, persistence and credential theft. CISA, the FBI and MS-ISAC published a joint #StopRansomware advisory on Rhysida TTPs (AA23-319A) in November 2023.
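The two on-disk artifacts named above, the `.rhysida` extension and the `CriticalBreachDetected.pdf` note, are what a responder looks for first when scoping an incident. The script below is an added example (not code from this page, from CISA, or from any vendor) that walks a directory tree, counts encrypted files per directory, and separately reports directories that hold a note but no encrypted files, which is worth a second look because it can mean the encryptor was interrupted there. The sample tree it builds is constructed for the demo and is not real victim data.

```python
"""Triage a directory tree for Rhysida encryption artifacts.

Added example: it looks only for the two artifacts the entry names, the
`.rhysida` extension on encrypted files and the ransom note
`CriticalBreachDetected.pdf`, and summarises where they appear.
"""
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".rhysida"
RANSOM_NOTE = "CriticalBreachDetected.pdf"


def triage_tree(root):
    """Walk `root` and return a summary of Rhysida artifacts.

    encrypted: number of files ending in .rhysida
    notes: number of ransom notes found
    dirs: {relative directory: count of encrypted files}
    untouched_with_note: directories holding a note but no encrypted files
    """
    summary = {"encrypted": 0, "notes": 0, "dirs": {}, "untouched_with_note": []}
    per_dir = defaultdict(lambda: {"enc": 0, "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == RANSOM_NOTE:
                per_dir[dirpath]["note"] = True
                summary["notes"] += 1
            elif name.lower().endswith(ENCRYPTED_EXT):
                per_dir[dirpath]["enc"] += 1
                summary["encrypted"] += 1
    for d, info in per_dir.items():
        rel = os.path.relpath(d, root)
        if info["enc"]:
            summary["dirs"][rel] = info["enc"]
        elif info["note"]:
            summary["untouched_with_note"].append(rel)
    summary["untouched_with_note"].sort()
    return summary


def build_sample_tree():
    """Create a constructed sample tree in a temp dir (demo data, not a real victim)."""
    root = tempfile.mkdtemp(prefix="rhysida-demo-")
    layout = {
        "finance": ["q3.xlsx.rhysida", "budget.docx.rhysida", RANSOM_NOTE],
        "hr": ["staff.csv.rhysida", RANSOM_NOTE],
        "public": ["index.html", RANSOM_NOTE],   # note dropped, nothing encrypted
        "logs": ["app.log"],                     # untouched
    }
    for sub, names in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d)
        for n in names:
            with open(os.path.join(d, n), "wb") as fh:
                fh.write(b"x")  # placeholder content; only names matter here
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    result = triage_tree(sample)
    print(f"encrypted files: {result['encrypted']}, ransom notes: {result['notes']}")
    for d, n in sorted(result["dirs"].items()):
        print(f"  {d}: {n} encrypted")
    print("note present but nothing encrypted:", result["untouched_with_note"])
```

On a real host, point `triage_tree` at each mounted volume and feed the per-directory counts into the incident timeline; the extension and note name are the only indicators used here, so a renamed note or a variant with a different extension would need the constants updated.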
● Examples
- 01
Rhysida claimed responsibility for the October 2023 British Library attack, which disrupted the library's catalogue, payment and IT systems for many months; when no ransom was paid, the group published stolen data on its leak site.
- 02
An MSSP detects a Rhysida intrusion before encryption by alerting on AnyDesk or Atera being installed on servers outside the managed inventory, a recurring affiliate tradecraft pattern.
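The detection in example 02 comes down to one join: remote-management tool activity against an inventory of hosts where that tool is sanctioned. The code below is an added example (not the MSSP's detection, nor code from this page or any vendor) that runs that logic over constructed Sysmon-style process-creation records. The binary names, the installer command-line patterns, and the sanctioned-host list are assumptions for the demo and should be replaced with your own inventory and telemetry field names.

```python
"""Flag AnyDesk/Atera activity on hosts outside the sanctioned inventory.

Added example over constructed records; field names, binary names and the
sanctioned-host list are assumptions, not a vendor-published schema.
"""
import re
from dataclasses import dataclass

# Image-path patterns for the RMM tools the entry names (assumed file names).
RMM_PATTERNS = {
    "AnyDesk": re.compile(r"(?i)(^|[\\/])anydesk[^\\/]*\.exe$"),
    "Atera": re.compile(r"(?i)(^|[\\/])ateraagent[^\\/]*\.exe$"),
}
# Installer invocations: msiexec with an Atera MSI, or AnyDesk's --install switch.
INSTALL_CMD = re.compile(r"(?i)(msiexec\.exe.*atera|anydesk\S*\.exe.*--install)")

# Constructed inventory: hosts where IT deployed each tool deliberately.
SANCTIONED = {"AnyDesk": {"HELPDESK01"}, "Atera": {"HELPDESK01", "WS-IT-07"}}

# Constructed process-creation records in a simple key=value|... form.
SAMPLE_EVENTS = [
    r"host=HELPDESK01|user=CORP\helpdesk|image=C:\Program Files (x86)\AnyDesk\AnyDesk.exe|cmd=AnyDesk.exe",
    r"host=FS01|user=CORP\svc_backup|image=C:\Windows\System32\msiexec.exe|cmd=msiexec.exe /i C:\Users\Public\AteraAgent.msi /qn",
    r"host=SQL02|user=CORP\jdoe|image=C:\Users\jdoe\AppData\Local\Temp\AnyDesk.exe|cmd=AnyDesk.exe --install C:\ProgramData\AnyDesk --silent",
    r"host=DC01|user=CORP\admin|image=C:\Program Files\AteraNetworks\AteraAgent\AteraAgent.exe|cmd=AteraAgent.exe",
    r"host=WS-IT-07|user=CORP\it.ops|image=C:\Program Files\AteraNetworks\AteraAgent\AteraAgent.exe|cmd=AteraAgent.exe",
    r"host=WS-042|user=CORP\asmith|image=C:\Windows\System32\notepad.exe|cmd=notepad.exe",
]


@dataclass
class Event:
    host: str
    user: str
    image: str
    cmdline: str


def parse_event(line):
    """Parse one constructed 'key=value|...' record into an Event."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return Event(fields["host"], fields["user"], fields["image"], fields.get("cmd", ""))


def classify(ev):
    """Return the RMM tool this event involves (by image or installer cmdline), or None."""
    for tool, pat in RMM_PATTERNS.items():
        if pat.search(ev.image):
            return tool
    m = INSTALL_CMD.search(ev.cmdline)
    if m:
        return "Atera" if "atera" in m.group(0).lower() else "AnyDesk"
    return None


def detect(lines):
    """Return one alert per RMM event on a host not sanctioned for that tool."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        tool = classify(ev)
        if tool is None or ev.host.upper() in SANCTIONED.get(tool, set()):
            continue
        stage = "install" if INSTALL_CMD.search(ev.cmdline) else "execution"
        alerts.append({"host": ev.host, "user": ev.user, "tool": tool, "stage": stage})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"ALERT {a['stage']:<9} {a['tool']:<8} on {a['host']} by {a['user']}")
```

The install stage is the higher-value signal: an affiliate dropping an RMM installer on a file server or domain controller usually precedes exfiltration and the encryptor by hours to days, which is the window example 02 relies on.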
● Frequently asked questions
What is Rhysida Ransomware?
A ransomware-as-a-service group first observed in May 2023, known for targeting healthcare, education, and government victims and for high-profile attacks including the British Library and Insomniac Games breaches. It belongs to the malware category of cybersecurity.
What does Rhysida Ransomware mean?
A ransomware-as-a-service group first observed in May 2023, known for targeting healthcare, education, and government victims and for high-profile attacks including the British Library and Insomniac Games breaches.
How does Rhysida Ransomware work?
An affiliate gains a foothold with stolen VPN credentials for an account without MFA, a phishing lure, or an unpatched vulnerability such as Zerologon (CVE-2020-1472), then moves laterally with PsExec and Cobalt Strike, dumps credentials with Mimikatz, and installs a remote-management tool such as AnyDesk for persistence. Data is exfiltrated before the encryptor runs. The encryptor itself encrypts files with ChaCha20, protects the keys with a 4096-bit RSA public key, appends the `.rhysida` extension, and drops `CriticalBreachDetected.pdf` as the ransom note. Victims who do not pay are listed on the group's Tor leak site and their data is auctioned or published.
How do you defend against Rhysida Ransomware?
Defense follows the mitigations in the joint CISA/FBI/MS-ISAC advisory AA23-319A: enforce phishing-resistant MFA on VPN, RDP and other remote access; patch externally facing systems and domain controllers (Zerologon in particular); restrict and monitor remote-management tools such as AnyDesk and Atera so that installs on unsanctioned hosts raise an alert; disable unused RDP and limit PsExec and PowerShell to administrative hosts with logging enabled; segment networks to slow lateral movement; and keep offline, immutable backups that are tested for restore. Because the group exfiltrates before encrypting, egress monitoring for large outbound transfers matters as much as endpoint controls.
What are other names for Rhysida Ransomware?
Common aliases: Rhysida. Check Point Research (August 2023) reported tooling and tradecraft overlaps between Rhysida deployments and the Vice Society cluster.
● Related terms
- malware№ 1004
Ransomware
Malware that encrypts a victim's data or locks their systems and demands payment in exchange for recovery.
- malware№ 1006
Ransomware-as-a-Service (RaaS)
A criminal business model in which a ransomware development and operations team rents the malware and infrastructure to affiliates who carry out the attacks, with the ransom split between them.
- defense-ops№ 1005
Ransomware gang
A financially motivated cybercriminal group that develops, operates and distributes ransomware, extorting organizations through file encryption and the threat of data leaks.
- attacks№ 307
Data leak
A state in which sensitive data is unintentionally published or exposed through misconfiguration or human error rather than through active intrusion by an attacker.
- defense-ops№ 695
LockBit
A Russian-speaking ransomware-as-a-service operation that became the world's most active ransomware brand in 2022–2024 and was largely dismantled by Operation Cronos.
- defense-ops№ 115
BlackCat / ALPHV
A Rust-based ransomware-as-a-service active from late 2021 until 2024, known for cross-platform encryptors and aggressive multi-stage extortion.