Rhysida is a new ransomware group that has emerged since May 2023 and is now targeting healthcare systems, the U.S. Dept. of Health and Human Services said in an alert.
The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy their payloads. The group threatens to publicly distribute the exfiltrated data if the ransom is not paid. Rhysida is still in early stages of development, as indicated by the lack of advanced features and the program name Rhysida-0.1. The ransomware also leaves PDF notes on the affected folders, instructing the victims to contact the group via their portal and pay in Bitcoin.
There have been recent attacks against the Healthcare and Public Health sector, HHS warned. Read more.