Fears that attacks on government, academia, and manufacturing will spread to health care.
Federal cybersecurity experts are warning about a new hacking group emerging in computer attacks around the world.
Rhysida became known in May 2023 as a new ransomware-as-a-service (RaaS) group that uses phishing emails and the program Cobalt Strike to attack computer networks, according to the Health Sector Cybersecurity Coordination Center (HC3) within the U.S. Department of Health and Human Services.
“The group threatens to publicly distribute the exfiltrated data if the ransom is not paid,” said a new sector alert published by HC3.
“Rhysida is still in early stages of development,” but advanced enough to launch attacks in Western Europe, North and South America, and Australia.
The group may be best known for an attack against the army of Chile. News reports stated Rhysida leaked documents they claimed were stolen from the Chilean army’s network.
“They primarily attack education, government, manufacturing, and technology and managed service provider sectors; however, there has been recent attacks against the health care and public health (HPH) sector,” the HC3 brief said.
Named for a genus of centipede, “Rhysida describes itself as a ‘cybersecurity team’ that aims to help victims highlight potential security issues and secure their networks,” according to HC3.
Victims receive ransom notes threatening public disclosure of exfiltrated data. The ransom notes are written as PDF documents, one of the few potential clues about a group whose origins remain shadowy.
“This potentially provides some insight into the types of systems or networks that the threat group targets, as the presence of these ransom notes could indicate that the targeted systems have the capability to handle PDF documents,” the HC3 sector alert said.
Victims are instructed to pay in Bitcoin.
The United States, the United Kingdom, Italy, and Spain appeared to be the countries with the most targets so far. The group appeared to be independent, showing no overt connections to existing ransomware operations.
However, some security researchers have alleged there is a relationship with the hacking group Vice Society, which targets small to medium-sized educational and health care organizations. “If there is indeed a linkage between both groups, then it is only a matter of time before Rhysida could begin to look at the healthcare sector as a viable target,” the HC3 sector alert said.
To bolster cybersecurity, HC3 recommended:
“In only a short time, Rhysida has proven itself to be a significant threat to organizations worldwide,” the HC3 warning said.