Sony has initiated an inquiry into a security breach affecting its game developer division, Insomniac Games. The investigation has confirmed that the incident resulted in unauthorized access to and leakage of employee information, as well as details related to upcoming game designs and code. Among the victims is Yuri, the voice behind the character Peter Parker in Spider-Man 2, whose passport details were compromised.

The full extent of the situation is still under examination, and the severity of the breach is yet to be determined. The criminal group responsible, known as Rhysida, has further substantiated its claims by releasing a screenshot of the upcoming Wolverine game.

This isn’t the first time Sony Entertainment has been targeted; a similar attack occurred in May of this year, primarily exploiting a vulnerability in MOVEit software.

Recognizing the gravity of the cyber threat, the US Department of Justice, in collaboration with the Cybersecurity and Infrastructure department, issued an alert to all government organizations. The advisory recommends reinforcing security infrastructure through the implementation of Multi-Factor Authentication and raising awareness among employees about the current cyber threat landscape.

Meanwhile, the Rhysida Ransomware group has issued a 7-day ultimatum to Insomniac staff. Failure to pay the ransom of 50 BTC within the specified timeframe will result in the public release or sale of all stolen data on the dark web.

Interestingly, the criminals have assured that, once payment is received, all stolen data will be promptly deleted from their servers. They have also added a peculiar note stating that potential bidders for the data will be served with a one-time transaction, with no subsequent resale of the information permitted... pure business ethics... ahh!

The post Rhysida Ransomware targets Sony Insomniac appeared first on Cybersecurity Insiders.

Last month, the British Library Computer Network fell victim to a ransomware attack, purportedly carried out by the Rhysida Ransomware, a newly identified malware variant. The perpetrators are now demanding a ransom of 20 bitcoins to decrypt the compromised database and return the stolen data.

Despite the ransom demand, the British Library staff has opted not to comply and has enlisted the assistance of law enforcement and forensic experts to navigate the situation. The decision is rooted in the cautionary advice provided by the US-CERT, in collaboration with the FBI, which highlights the uncertainty surrounding the hackers’ commitment to returning the data even if the ransom is paid. Additionally, there is a significant risk that the stolen information might be released on the dark web in the future.

While the London research library has not issued an official statement on the matter, a credible source from the National Library of the United Kingdom suggests that the HR database may have been compromised. This could potentially expose details related to salaries, pay raises, and certain staff information.

The cyber attack occurred on October 28, 2023, and the assailants have given the library management a 7-day grace period to meet their ransom demands, following a 15-day window since the initial breach. Failure to comply within this timeframe may result in serious consequences for the library staff.

It’s worth noting that in a recent incident the ransomware group ALPHV, also known as BlackCat, filed a complaint with the SEC against MeridianLink. The complaint alleges that MeridianLink failed to promptly inform its customers about a cyber attack within a prescribed 4-day timeframe.

The post Rhysida Ransomware demands 20 BTC from British Library appeared first on Cybersecurity Insiders.

Rhysida Ransomware, operating since December 2022, has garnered attention from the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). Both agencies have issued warnings about this ransomware, noting its unique capability to delete itself upon detection.

Kaspersky’s research reveals that Rhysida is equipped with an info stealer malware named Lumar. This malicious software is proficient in extracting sensitive information such as Telegram sessions, passwords, cookies, auto-fill data, desktop files, and even cryptocurrency from wallets. Notably, the malware, crafted in C++, demonstrates the ability to bypass detection, even on the latest Windows 11 operating systems. Additionally, Rhysida can encrypt Active Directories, demanding a ransom for decryption.

Fortra’s research delves deeper, identifying the malware-as-a-service team actively targeting healthcare companies and the prominent Chilean firm Grupo GTD. Beginning in September 2023, the hacking group expanded its operations to compromise data centers in education, manufacturing, IT, and government sectors, employing double extortion tactics.

Sophos draws parallels between Rhysida and Vice Society, noting similarities in their tactics. Vice Society is currently distributing the Nitrogen malware through Google Ads.

What sets Rhysida apart is its organizational structure. The ransomware group operates like an IT company, maintaining a structured employee base and following corporate-like hiring practices. They adhere to strict guidelines in concealing their operations from the public web, exclusively utilizing the Tor network for their activities.

The post FBI and CISA issues alert against Rhysida Ransomware Gang appeared first on Cybersecurity Insiders.