The FBI and CISA have issued warnings about attacks against various industry sectors by the Rhysida ransomware group.
The Rhysida ransomware group has been active since May 2023. According to the group’s dark web leak site, at least 62 organizations have been named.
Education, healthcare, manufacturing, information technology, and government sectors have been the main targets of Rhysida.
Rhysida actors have been observed leveraging external-facing remote services to initially access and persist within a network.
Additionally, third-party researchers identified evidence of Rhysida actors developing custom tools with program names set to “Rhysida-0.1”