Rhysida Ransomware Gang Targets Chilean Army And Martinique Again.

The Rhysida ransomware gang has been busy carrying out cyber attacks on organizations in different parts of the world. The Chilean Army and the territorial collectivity of Martinique have been the latest organizations to fall victim to the gang’s activities. Rhysida announced the cyber attack on the Chilean Army and even went on to auction off sensitive data obtained from the Army. Similarly, Martinique, a French overseas territory, has been hit by random attacks from the threat actor.

Dominic Alvieri, a cybersecurity analyst, has shared details of the attacks that Rhysida has claimed responsibility for on his Twitter page. The details included information about the compromise of the Chilean Army’s systems and auctioning off the sensitive information obtained. The extent of the damage done by the attacks is yet to be fully understood, and The Cyber Express, a cybersecurity news website, is reaching out to find out more about the aftermath of the attacks.

Rhysida Ransomware Gang’s Activities

The Rhysida ransomware gang has become notorious for running a victim support chat portal hosted on TOR (.onion). They claim to be a “cybersecurity team” that aims to raise awareness about the security vulnerabilities of their targets. However, their methods involve infiltrating systems and holding the victims’ data hostage, demanding ransom payments to release it.

SentinelOne, a cybersecurity firm, has reported that the specific targets of the Rhysida Ransomware Gang seem to be random, and their campaigns are not explicitly targeted but rather opportunistic. This suggests that any organization or individual could fall victim to their attacks. Rhysida ransomware is deployed through various means, including utilizing Cobalt Strike or similar frameworks and launching phishing campaigns.

Rhysida Ransomware Gang’s Modus Operandi

Once launched, Rhysida ransomware displays a cmd.exe window, systematically traversing all files on the local drives of the infected system. To negotiate with the attackers, victims are instructed to contact them through their TOR-based portal using the unique identifier provided in the ransom notes. Payment in Bitcoin (BTC) is the only accepted method, and victims are given information on purchasing and using BTC on the victim portal.

To ensure their message is delivered effectively, the Rhysida Ransomware Gang writes ransom notes in PDF documents placed in the affected folders on the targeted drives. These two cyberattacks highlight the threat actor’s ability to infiltrate well-protected systems.
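The note-dropping behaviour described above (the same PDF written into each affected folder) can be hunted for in file-creation telemetry. The following is an added example, not code from the article or from any vendor it cites; the event layout, process paths, dates and the `NOTE_PLACEHOLDER.pdf` file name are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed file-creation events: timestamp|creating process|created file.
# The layout and every name below are assumptions for illustration.
SAMPLE_EVENTS = r"""
2023-06-01T10:00:01|C:\Temp\sample.exe|C:\Users\a\Documents\NOTE_PLACEHOLDER.pdf
2023-06-01T10:00:02|C:\Temp\sample.exe|C:\Users\a\Desktop\NOTE_PLACEHOLDER.pdf
2023-06-01T10:00:03|C:\Temp\sample.exe|C:\Users\a\Pictures\NOTE_PLACEHOLDER.pdf
2023-06-01T10:00:05|C:\Temp\sample.exe|D:\Finance\NOTE_PLACEHOLDER.pdf
2023-06-01T10:01:00|C:\Office\winword.exe|C:\Users\a\Documents\report.pdf
2023-06-01T10:02:00|C:\Office\winword.exe|C:\Users\a\Desktop\report.pdf
"""

def parse(text):
    """Yield (timestamp, process image, created path) per event line."""
    for line in text.strip().splitlines():
        ts, image, target = line.split("|")
        yield datetime.fromisoformat(ts), image, PureWindowsPath(target)

def find_note_drops(events, min_dirs=3, window=timedelta(seconds=60)):
    """Return (image, file name, folder count) for each process that wrote
    the same PDF name into >= min_dirs distinct folders within `window`."""
    groups = defaultdict(list)
    for ts, image, target in events:
        if target.suffix.lower() == ".pdf":
            key = (image.lower(), target.name.lower())
            groups[key].append((ts, str(target.parent).lower()))
    hits = []
    for (image, name), drops in groups.items():
        drops.sort()
        start, best = 0, 0
        for end in range(len(drops)):
            # Shrink the window until it spans at most `window` of time.
            while drops[end][0] - drops[start][0] > window:
                start += 1
            folders = {folder for _, folder in drops[start:end + 1]}
            best = max(best, len(folders))
        if best >= min_dirs:
            hits.append((image, name, best))
    return hits

if __name__ == "__main__":
    for hit in find_note_drops(parse(SAMPLE_EVENTS)):
        print("possible ransom-note drop:", hit)
```

Real telemetry such as Sysmon file-create events (Event ID 11) would need mapping into this layout, and the thresholds tuned against software that legitimately writes PDFs in bulk.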

Conclusion

The Rhysida ransomware gang has launched a series of cyber attacks on organizations globally, and the Chilean Army and the territorial collectivity of Martinique are the latest targets on their list. Their modus operandi involves systematically encrypting files on an infected system and having victims negotiate with them for the files' release. The Rhysida gang’s attacks appear to be opportunistic, with any organization or individual vulnerable to their attacks. The extent of the damage caused by the latest attacks is still being assessed, and The Cyber Express is conducting more research on the matter.

It is recommended that organizations and individuals take cybersecurity seriously and follow the best practices in protecting their systems against ransomware attacks. These include regularly updating system software, backing up data frequently, ensuring strong passwords are used, and training staff to spot phishing attacks. Organizations should also have a comprehensive incident response plan in place to minimize the damage caused by attacks.
