Rhysida Ransomware.

A ransomware-as-a-service group first observed in May 2023, known for targeting healthcare, education, and government victims and for high-profile attacks including the British Library and Insomniac Games breaches. Относится к категории Вредоносное ПО в кибербезопасности.

A ransomware-as-a-service group first observed in May 2023, known for targeting healthcare, education, and government victims and for high-profile attacks including the British Library and Insomniac Games breaches.

Rhysida is a ransomware-as-a-service group that emerged in May 2023 and quickly became one of the more active newcomers in the 2023–2025 cybercrime landscape, joining a wave of post-LockBit/post-ALPHV operators. The encryptor is written in C++ and uses AES-256 plus ChaCha20 hybrid encryption with file extensions changed to `.rhysida`, leaving the ransom note `CriticalBreachDetected.pdf`. Rhysida favors double-extortion: it exfiltrates data to its 'Rhysida' Tor leak site before encryption and lists victims publicly to pressure payment. The actor has hit a notably broad mix of sectors — local government, K-12 schools, hospitals (Prospect Medical, several U.K. NHS supply chains), the British Library (October 2023, a months-long outage), and Insomniac Games (Sony, December 2023). Initial access has included VPN credentials harvested by info-stealers, phishing, and exploitation of known vulnerabilities; affiliates often use Cobalt Strike, AnyDesk/Atera, and Mimikatz post-exploitation. CISA, the FBI, MS-ISAC, and U.K. NCSC published joint advisories on Rhysida TTPs in late 2023.

Защита от Rhysida Ransomware обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: Rhysida.