Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Rhysida (hacker group)
open-in-new
<h2 id="attacks">Attacks</h2> <ul><li><a href="/facts/British_Library_cyberattack/Ez1bxQpR">British Library cyberattack</a>, 2023</li> <li><a href="/facts/Insomniac_Games/PDTft82r">Insomniac Games</a> data dump, releasing details of the <i><a href="/facts/Marvel%2527s_Wolverine/hsIS3Roq">Marvel's Wolverine</a></i> game and employee details.<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a><a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a></li> <li><a href="/facts/Chilean_army/d4Re7ECh">Chilean army</a><a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a><a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a></li> <li>City of <a href="/facts/Columbus%2c_Ohio/mREa53Ub">Columbus</a>, Ohio<a class="footnote-ref" id="fnref:14" href="#fn:14"><sup>14</sup></a> in July 2024 where over 3 TB of data was released onto the dark web, after an attempt to extort $1.7M (30 Bitcoin) from the city.</li> <li><a href="/facts/Seattle-Tacoma_International_Airport/PtuH8H4m">Seattle-Tacoma International Airport</a>, August 2024<a class="footnote-ref" id="fnref:15" href="#fn:15"><sup>15</sup></a></li> <li><a href="/facts/Rutherford_County_Schools_(Tennessee)/zeltYI5o">Rutherford County Schools (Tennessee)</a>, November 2024<a class="footnote-ref" id="fnref:16" href="#fn:16"><sup>16</sup></a></li> <li><a href="/facts/Pembina_Trails_School_Division/2BowpgFE">Pembina Trails School Division</a>, December 2024<a class="footnote-ref" id="fnref:17" href="#fn:17"><sup>17</sup></a></li></ul> <h2 id="ransomware-as-a-service">Ransomware as a service</h2> <p>The US <a href="/facts/Cybersecurity_and_Infrastructure_Security_Agency/I5eGw794">CISA</a> report states:<a class="footnote-ref" id="fnref:18" href="#fn:18"><sup>18</sup></a> </p> <blockquote><p>Threat actors leveraging Rhysida ransomware are known to impact “targets of opportunity,” including victims in the education, healthcare, manufacturing, information technology, and government sectors. Open source reporting details similarities between Vice Society (DEV-0832) activity and the actors observed deploying Rhysida ransomware. Additionally, open source reporting has confirmed observed instances of Rhysida actors operating in a ransomware-as-a-service (RaaS) capacity, where ransomware tools and infrastructure are leased out in a profit-sharing model. Any ransoms paid are then split between the group and the affiliates.</p></blockquote> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Milmo, Dan (24 November 2023). "Rhysida, the new ransomware gang behind British Library cyber-attack". The Guardian. Retrieved 23 December 2023. <a href="https://www.theguardian.com/technology/2023/nov/24/rhysida-the-new-ransomware-gang-behind-british-library-cyber-attack" target="_blank">https://www.theguardian.com/technology/2023/nov/24/rhysida-the-new-ransomware-gang-behind-british-library-cyber-attack</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Hollingworth, David (19 December 2023). "Snikt! Rhysida dumps more than a terabyte of Insomniac Games' internal data". www.cyberdaily.au. Retrieved 23 December 2023. <a href="https://www.cyberdaily.au/culture/9959-snikt-rhysida-dumps-more-than-a-terabyte-of-insomniac-games-internal-data" target="_blank">https://www.cyberdaily.au/culture/9959-snikt-rhysida-dumps-more-than-a-terabyte-of-insomniac-games-internal-data</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>Milmo, Dan (24 November 2023). "Rhysida, the new ransomware gang behind British Library cyber-attack". The Guardian. Retrieved 23 December 2023. <a href="https://www.theguardian.com/technology/2023/nov/24/rhysida-the-new-ransomware-gang-behind-british-library-cyber-attack" target="_blank">https://www.theguardian.com/technology/2023/nov/24/rhysida-the-new-ransomware-gang-behind-british-library-cyber-attack</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Acres, Tom (20 December 2023). "Wolverine: What we know about the cyberattack that leaked one of PlayStation's most anticipated games". Sky News. <a href="https://news.sky.com/story/wolverine-what-we-know-about-the-cyberattack-that-leaked-one-of-playstations-most-anticipated-games-13034721" target="_blank">https://news.sky.com/story/wolverine-what-we-know-about-the-cyberattack-that-leaked-one-of-playstations-most-anticipated-games-13034721</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>Cluley, Graham (10 August 2023). "Rhysida ransomware – what you need to know". Tripwire. <a href="/wiki/Graham_Cluley" target="_blank">/wiki/Graham_Cluley</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"CISA, FBI, and MS-ISAC Release Advisory on Rhysida Ransomware". Cybersecurity and Infrastructure Security Agency (CISA). 15 November 2023. Retrieved 23 December 2023. <a href="https://www.cisa.gov/news-events/alerts/2023/11/15/cisa-fbi-and-ms-isac-release-advisory-rhysida-ransomware" target="_blank">https://www.cisa.gov/news-events/alerts/2023/11/15/cisa-fbi-and-ms-isac-release-advisory-rhysida-ransomware</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"#StopRansomware: Rhysida Ransomware". Cybersecurity and Infrastructure Security Agency (CISA). 15 November 2023. Alert Code AA23-319A. Retrieved 23 December 2023. <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a" target="_blank">https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>Milmo, Dan (24 November 2023). "Rhysida, the new ransomware gang behind British Library cyber-attack". The Guardian. Retrieved 23 December 2023. <a href="https://www.theguardian.com/technology/2023/nov/24/rhysida-the-new-ransomware-gang-behind-british-library-cyber-attack" target="_blank">https://www.theguardian.com/technology/2023/nov/24/rhysida-the-new-ransomware-gang-behind-british-library-cyber-attack</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>Cluley, Graham (10 August 2023). "Rhysida ransomware – what you need to know". Tripwire. <a href="/wiki/Graham_Cluley" target="_blank">/wiki/Graham_Cluley</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>Acres, Tom (20 December 2023). "Wolverine: What we know about the cyberattack that leaked one of PlayStation's most anticipated games". Sky News. <a href="https://news.sky.com/story/wolverine-what-we-know-about-the-cyberattack-that-leaked-one-of-playstations-most-anticipated-games-13034721" target="_blank">https://news.sky.com/story/wolverine-what-we-know-about-the-cyberattack-that-leaked-one-of-playstations-most-anticipated-games-13034721</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>"Insomniac: PlayStation studio 'angered' by ransomware hack". BBC News. 22 December 2023. Retrieved 24 December 2023. <a href="https://www.bbc.co.uk/news/newsbeat-67805736" target="_blank">https://www.bbc.co.uk/news/newsbeat-67805736</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>Cluley, Graham (10 August 2023). "Rhysida ransomware – what you need to know". Tripwire. <a href="/wiki/Graham_Cluley" target="_blank">/wiki/Graham_Cluley</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>"Rhysida Ransomware Gang Strikes Again, Targets Chilean Army And Martinique". The Cyber Express. 12 June 2023. Retrieved 25 December 2023. <a href="https://thecyberexpress.com/rhysida-ransomware-gang-cyber-attack/#:~:text=The%20notorious%20Rhysida%20ransomware%20gang%20has%20attacked%20Ej%C3%A9rcito,the%20Chilean%20Army%20on%20a%20dark%20web%20forum." target="_blank">https://thecyberexpress.com/rhysida-ransomware-gang-cyber-attack/#:~:text=The%20notorious%20Rhysida%20ransomware%20gang%20has%20attacked%20Ej%C3%A9rcito,the%20Chilean%20Army%20on%20a%20dark%20web%20forum.</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> <li id="fn:14"><p>Bush, Bill. "Hackers release reams of stolen Columbus data on dark web". The Columbus Dispatch. Retrieved 10 August 2024. <a href="https://eu.dispatch.com/story/news/local/2024/08/08/city-columbus-data-public-dark-web-ransomware-hack-cyber-ohio-cybersecurity-stolen/74718671007/" target="_blank">https://eu.dispatch.com/story/news/local/2024/08/08/city-columbus-data-public-dark-web-ransomware-hack-cyber-ohio-cybersecurity-stolen/74718671007/</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></p></li> <li id="fn:15"><p>"Sea-Tac cyberattack caused by global ransomware gang, Port says". The Seattle Times. 13 September 2024. Retrieved 15 September 2024. <a href="https://www.seattletimes.com/life/travel/sea-tac-cyberattack-caused-by-global-ransomware-gang-port-says/" target="_blank">https://www.seattletimes.com/life/travel/sea-tac-cyberattack-caused-by-global-ransomware-gang-port-says/</a> <a href="#fnref:15" class="footnote-back-ref">↩</a></p></li> <li id="fn:16"><p>"Hackers appear to sell data stolen from Rutherford County Schools". WKRN News 2. 11 December 2024. Retrieved 11 December 2024. <a href="https://www.wkrn.com/news/local-news/hackers-appear-to-sell-data-stolen-from-rutherford-county-tn-schools/amp/" target="_blank">https://www.wkrn.com/news/local-news/hackers-appear-to-sell-data-stolen-from-rutherford-county-tn-schools/amp/</a> <a href="#fnref:16" class="footnote-back-ref">↩</a></p></li> <li id="fn:17"><p>Kitching, Chris (10 April 2025). "Hackers put price of $1.6M on student data". Winnipeg Free Press. Archived from the original on 14 April 2025. Retrieved 14 April 2025. <a href="https://www.winnipegfreepress.com/breakingnews/2025/04/10/hackers-put-price-of-1-6m-on-personal-information-about-winnipeg-students-school-division-employees" target="_blank">https://www.winnipegfreepress.com/breakingnews/2025/04/10/hackers-put-price-of-1-6m-on-personal-information-about-winnipeg-students-school-division-employees</a> <a href="#fnref:17" class="footnote-back-ref">↩</a></p></li> <li id="fn:18"><p>"#StopRansomware: Rhysida Ransomware". Cybersecurity and Infrastructure Security Agency (CISA). 15 November 2023. Alert Code AA23-319A. Retrieved 23 December 2023. <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a" target="_blank">https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a</a> <a href="#fnref:18" class="footnote-back-ref">↩</a></p></li> </ol>