
Rhysida and the Growth of Ransomware in 2023

Ransomware isn’t going anywhere… in fact, it’s only growing. As several studies show, the threat of ransomware associated with attacks like phishing and APTs is only increasing, and hacking groups are leveraging ransoms to generate significant revenue while also threatening proprietary data. 

Rhysida malware is the latest of these threats tearing through the healthcare and financial industries.

 

What Is the Rhysida Malware?

Rhysida ransomware is a significant and emerging threat in the cybersecurity landscape, gaining attention for its attacks on organizations worldwide, including high-profile incidents like the compromise of the Chilean Army and healthcare organizations in various countries.

Rhysida ransomware typically infiltrates systems through phishing attacks. Once inside, it employs tools like Cobalt Strike and PowerShell scripts for lateral movement and to execute its payload. 

The ransomware is known for using a 4096-bit RSA key and AES-CTR for file encryption, appending the .rhysida extension to encrypted files. The ransom note presented by Rhysida is somewhat unique, disguising itself as an alert from a “cybersecurity team” and offering assistance to victims in identifying security weaknesses.

Following this, the ransomware uses tasks for persistence and modifies registry keys to drop ransom notes. Before encrypting files, Rhysida exfiltrates sensitive data from the victim’s system, which is then used for double extortion.

The ransomware has been observed to be in active development, with its operators updating scripts and tools to enhance its effectiveness. Despite its growing scale of activities, Rhysida’s locker still appears to be in the early stages of development, missing some standard features found in more mature ransomware strains.
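For defenders, the .rhysida extension described above is a usable detection signal. The Python below is an added example, not code from the original article or from any vendor: it flags a host when several files with that extension appear within a short window. The log format, host names, threshold and window are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXTENSION = ".rhysida"  # extension the article says is appended to encrypted files

# Constructed sample events (ISO time, host, action, path); not real telemetry.
SAMPLE_LOG = r"""
2023-11-02T10:00:01 ws-014 RENAME C:\Users\ana\Documents\budget.xlsx.rhysida
2023-11-02T10:00:02 ws-014 RENAME C:\Users\ana\Documents\q3 plan.docx.rhysida
2023-11-02T10:00:02 fs-02 WRITE D:\share\report.pdf
2023-11-02T10:00:04 ws-014 RENAME C:\Users\ana\Pictures\site.png.RHYSIDA
2023-11-02T10:05:00 fs-02 CREATE D:\research\sample.rhysida
2023-11-02T11:30:00 ws-020 RENAME C:\tmp\a.txt.rhysida
2023-11-02T13:30:00 ws-020 RENAME C:\tmp\b.txt.rhysida
2023-11-02T15:30:00 ws-020 RENAME C:\tmp\c.txt.rhysida
"""


def parse_events(text):
    """Yield (timestamp, host, action, path) from whitespace-delimited log lines."""
    for line in text.splitlines():
        parts = line.strip().split(None, 3)  # path is last and may contain spaces
        if len(parts) == 4:
            ts, host, action, path = parts
            yield datetime.fromisoformat(ts), host, action, path


def find_encryption_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Return {host: time at which `threshold` matching files fell inside `window`}."""
    recent = defaultdict(deque)  # host -> timestamps of recent matching events
    alerts = {}
    for ts, host, action, path in sorted(events, key=lambda e: e[0]):
        # Case-insensitive match so .RHYSIDA and .rhysida are treated alike.
        if action not in ("RENAME", "CREATE") or not path.lower().endswith(EXTENSION):
            continue
        hits = recent[host]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= threshold and host not in alerts:
            alerts[host] = ts  # record only the first time the host crosses the threshold
    return alerts


if __name__ == "__main__":
    for host, when in find_encryption_bursts(parse_events(SAMPLE_LOG)).items():
        print(f"{when.isoformat()} {host}: burst of {EXTENSION} files, isolate and triage")
```

Requiring a burst rather than a single match keeps an isolated file with that extension, or hits spread over hours, from paging the on-call analyst.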

 

The Growth of Ransomware in 2023

Ransomware attacks significantly increased in 2023, with some alarming trends and statistics emerging across various industries.

Additionally, there have been specific changes in ransomware growth that depend on the industry:

 

A Multifaceted Defense for Protecting Against Ransomware

For those well-versed in the intricacies of cybersecurity, here’s an arsenal of advanced strategies to thwart ransomware before it becomes a problem:

An ounce of prevention is worth a pound of cure. You can build a robust defense against the ever-evolving ransomware threat by employing these advanced strategies before problems take shape. 

 

Keep Your Organization On Top of Ransomware Threats with Continuum GRC

Want a solution that can help you monitor compliance controls across your organization? Trust Continuum GRC. 

Continuum GRC is a cloud platform that can take something as routine and necessary as regular vulnerability scanning and reporting under FedRAMP and make it an easy and timely part of business in the public sector. We provide risk management and compliance support for every major regulation and compliance framework on the market, including:

We are the only FedRAMP and StateRAMP-authorized compliance and risk management solution worldwide.

Continuum GRC is a proactive cyber security® and the only FedRAMP and StateRAMP-authorized cybersecurity audit platform worldwide. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.
