A new ransomware group called Rhysida has been recently targeting healthcare by breaching networks and demanding a ransom, according to an Aug. 4 alert from HHS's Health Sector Cybersecurity Coordination Center.
Rhysida uses phishing attacks and Cobalt Strike to breach networks and threaten to release all stolen data unless a ransom is paid. The group leaves a PDF note instructing the victim how they must contact the group and which payment method to use.
The group emerged in May and has victims throughout various industries within 12 countries across North and South America, Western Europe and Australia. The United States is targeted most frequently.
Rhysida created a victim support chat portal where it labels itself as a "cybersecurity team" that assists victims in spotting potential risks and securing their network. Its victim support page also displays the ongoing auctions for the stolen data and current number of victims.
The group's website doubles as a portal for news and media coverage, as Rhysida's contact information is available to journalists, recovery firms or "fans," according to the report.
While recent attacks have been against the healthcare and public health sector, the group's main targets are education, government, manufacturing and technology, and managed service provider sectors.