The Rhysida Ransomware gang, a notorious group known for its file-encrypting malware, has announced that it will sell data stolen from The Washington Times’ servers for $304,500 in Bitcoin within a week.

This indicates that the gang had previously encrypted the servers of the conservative newspaper and has now decided to monetize the stolen information by listing it on the dark web. The move raises speculation that the group might be using the name of an American newspaper to attract international media attention.

It remains uncertain whether the data being advertised genuinely belongs to The Washington Times. Only time will reveal the accuracy of these claims.

Named after a centipede and typically focused on healthcare-related networks, Rhysida has been a significant concern for national infrastructure. In November 2023, CISA and the FBI issued a joint advisory warning of imminent threats from the Rhysida group. Further investigation by cybersecurity firm Sophos revealed that the Vice Society gang is behind Rhysida, operating as a business that offers malware as a service.

Given that Rhysida communicates in Russian, it is likely that they are funded by Kremlin intelligence, making their extradition highly unlikely unless the Russian government chooses to intervene. This same group has also been linked to the British Library cyber attack and the data breaches involving Insomniac Games.

The post Rhysida Ransomware selling The Washington Times data for $304,500 appeared first on Cybersecurity Insiders.

During the Christmas 2023 holiday season, a ransomware attack targeted the Ohio Lottery, causing disruptions to its operations. The gaming company is currently in the process of recovering its encrypted data and is consulting with security experts to expedite the recovery. As a result of the attack, services such as prize and cash claims exceeding $599 are temporarily unavailable. Customers are advised to use alternative digital channels to access their winnings. The newly identified ransomware group, DragonForce, has claimed responsibility for the attack, revealing its ability to extract sensitive information, including social security numbers and dates of birth.

Eagers Automotive, an Australia-based company specializing in the sale of internationally renowned car brands, experienced a malware attack on December 27, 2023. The hackers managed to siphon a small portion of data, leading to severe disruptions in the company’s servers. With over 300 branches across various locations, including Queensland, Adelaide, Darwin, Melbourne, Perth, Sydney, Tasmania, Auckland, and NSW, the company’s digital operations were temporarily inaccessible to both staff and customers.

Yakult Australia, a well-known probiotic brand, faced a cyber attack, likely a ransomware variant, resulting in the exposure of sensitive files such as employee passport details on the dark web. Despite the company’s refusal to meet the hackers’ demands, its IT staff is actively working to mitigate the risks associated with the data breach. Yakult Australia has a robust data continuity plan, and the restoration of IT systems is expected by the first week of January 2024. The recently identified DragonForce Ransomware openly claimed responsibility for breaching the company’s servers.

In Germany, the LockBit Ransomware group targeted a hospital chain, leading to the cancellation of emergency services and ambulance diversions. The impacted hospitals include Sankt Vinzenz Hospital, Mathilde Hospital Herford, and Franziskus Hospital Bielefeld. Their operator, the Katholische Hospitalvereinigung Ostwestfalen (KHO), issued a press statement acknowledging that the chain’s IT services were impacted on the eve of Christmas 2023 and that its doctors and staff were doing their best to provide emergency care to those in need.

EasyParkGroup, a prominent European parking app, fell victim to a cyber attack, likely a ransomware incident. The attackers gained access to personal details of users, including names, phone numbers, addresses, email addresses, and credit card numbers, which were then copied to foreign servers. Users are urged to monitor their credit card statements for any suspicious activity. The company has committed to implementing enhanced security measures to mitigate the risks associated with the breach.

In Jordan, the Rhysida Ransomware group targeted Abdali Hospital, employing a double extortion tactic. The group has given the hospital a seven-day ultimatum to pay 10 BTC, after which it threatens to disclose the stolen data on the dark web and auction it to the highest bidder.

The post Trending Ransomware news headlines on Google appeared first on Cybersecurity Insiders.