Ransomware, Threat Intelligence

Healthcare sector targeted by Rhysida ransomware operation

BleepingComputer reports that healthcare organizations in North and South America, Western Europe, and Australia have been targeted by the new Rhysida ransomware operation, according to the Department of Health and Human Services. Some sources also attribute the cyberattack against Prospect Medical Holdings to Rhysida. These intrusions follow Rhysida's initial attacks in May, which targeted the government, education, manufacturing, technology, and managed service provider industries, according to the HHS. After gaining initial access through phishing emails, Rhysida deploys PowerShell and Cobalt Strike scripts, as well as a locker, according to a Trend Micro report. Moreover, a Cisco Talos report noted that Rhysida's latest locker uses a 4096-bit RSA key with the ChaCha20 algorithm to encrypt files, while excluding certain file types. Meanwhile, Check Point researchers have linked Rhysida to the Vice Society ransomware gang, citing similarities in both groups' extortion site publishing times and targeting patterns.
