Ransomware group Rhysida behind attacks on healthcare organisations in USA

The group, first discovered in May 2023, has come under spotlight after conducting recent cyberattacks.

Hooded computer hacker working on desktop PC computer

The Rhysida ransomware group is in the spotlight after a bulletin published by the US Department of Health and Human Services (HHS) highlighted its recent cyberattacks on healthcare organizations in the USA.

HHS noted, ‘They primarily attack education, government, manufacturing, and technology and managed service provider sectors; however, there has been recent attacks against the Healthcare and Public Health (HPH) sector.’ The gang’s victims, according to HHS, are distributed throughout several countries across Western Europe, North and South America, and Australia.

Post this warning, several other companies, such as CheckPoint, Cisco Talos, and Trend Micro, have released reports on various aspects of Rhysida operations. Trend Micro noted that the threat group uses phishing emails to enter systems, then deploys Cobalt Strike and PowerShell scripts, and eventually deploys the locker. CheckPoint connects the Rhysida gang to the now-defunct Vice Society, assessing with at least medium confidence that Vice Society operators are now using Rhysida ransomware.

In June, this ransomware gang came into focus after leaking stolen documents from the Chilean Army (Ejército de Chile) on its data leak site.