Rhysida Ransomware Emerges as a Significant Threat to Healthcare Security

Published by Shipra Sanganeria on August 10, 2024

A new ransomware group dubbed Rhysida has gained notoriety in recent months, following a series of high-impact attacks on the healthcare sector. The group, which first emerged in May 2023, has forced several government organizations and cybersecurity companies to closely analyze its activities.

Following its attacks on the Chilean Army and Prospect Medical Holdings, the latter affecting 17 hospitals and 166 clinics in the US, the group was deemed a significant threat to the healthcare and public sector by the U.S. Department of Health and Human Services (HHS).

On August 4, HHS also released an advisory about the ransomware, while security companies like Trend Micro, SentinelOne, and Check Point published individual articles analyzing different facets of this malware.

Initial analysis of Rhysida by SentinelOne showed that it was in the early stages of development and lacked standard malware features. The group's attack techniques consisted of phishing emails and deployment through Cobalt Strike or similar platforms.

The analysis by Check Point reveals that the ransomware has close links with the now-defunct Vice Society, based on a shared modus operandi and the same targeting of victims in education and healthcare.

The attack techniques employed by Rhysida in this instance included Remote Desktop Protocol (RDP), remote PowerShell sessions (WinRM), and the use of PsExec for lateral movement. To avoid detection, the actors were seen deleting logs and forensic artifacts, while SystemBC and AnyDesk were used to maintain persistence.

“The time to ransom (TTR) of the actors employing Rhysida ransomware is relatively low. It has been eight days from the first signs of lateral movement to the widespread ransomware deployment,” the Check Point analysis revealed.

According to the HHS security bulletin, the ransomware's targets are spread across the US, Australia, Western Europe, and South America. Initially, the group's primary targets were the education, manufacturing, government, managed service provider, and technology sectors. Now, however, its primary focus seems to be the healthcare and public health sector.

The rapid spread and threat scope of Rhysida make it imperative for organizations to understand and monitor the tools and attack process of this ransomware, to help prevent such attacks in the future.
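
As an added example (not from the article or from the vendors it cites), the Python below correlates Windows event records per host for the behaviours listed above: RDP logons, WinRM sessions, PsExec and AnyDesk service installs, and log clearing. The event IDs are standard Windows ones; the flattened field names, the host names, the sample records and the reuse of the eight-day figure as a correlation window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry); assumes events were already
# pulled from the Security and System channels and flattened to dicts.
SAMPLE_EVENTS = [
    {"time": "2023-08-01T09:12:00", "host": "FS01", "id": 4624, "LogonType": "10"},
    {"time": "2023-08-01T09:20:00", "host": "FS01", "id": 7045, "ServiceName": "PSEXESVC"},
    {"time": "2023-08-03T02:10:00", "host": "FS01", "id": 1102},
    {"time": "2023-08-02T08:00:00", "host": "WS07", "id": 4624, "LogonType": "10"},
    {"time": "2023-08-02T11:00:00", "host": "DC02", "id": 4688,
     "NewProcessName": "C:\\Windows\\System32\\wsmprovhost.exe"},
    {"time": "2023-08-04T11:30:00", "host": "DC02", "id": 7045, "ServiceName": "AnyDesk"},
    {"time": "2023-07-01T10:00:00", "host": "HR03", "id": 4624, "LogonType": "10"},
    {"time": "2023-08-05T10:00:00", "host": "HR03", "id": 104},
]
LATERAL = {"rdp_logon", "winrm_session", "psexec_service"}
FOLLOW_UP = {"log_cleared", "anydesk_service"}
WINDOW = timedelta(days=8)  # assumption: mirrors the eight-day TTR quoted above

def classify(ev):
    """Map one event to a behaviour category named in the article, or None."""
    eid = ev["id"]
    svc = (ev.get("ServiceName", "") + " " + ev.get("ImagePath", "")).lower()
    if eid == 4624 and ev.get("LogonType") == "10":   # RemoteInteractive logon
        return "rdp_logon"
    if eid == 4688 and ev.get("NewProcessName", "").lower().endswith("\\wsmprovhost.exe"):
        return "winrm_session"                        # remote PowerShell host process
    if eid == 7045 and "psexesvc" in svc:             # service installed by PsExec
        return "psexec_service"
    if eid == 7045 and "anydesk" in svc:
        return "anydesk_service"
    if eid in (1102, 104):                            # Security / System log cleared
        return "log_cleared"
    return None

def suspicious_hosts(events, window=WINDOW):
    """Hosts where lateral movement is followed by log clearing or AnyDesk within window."""
    per_host = {}
    for ev in events:
        cat = classify(ev)
        if cat:
            per_host.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["time"]), cat))
    flagged = {}
    for host, hits in per_host.items():
        moves = [t for t, c in hits if c in LATERAL]
        follow = [t for t, c in hits if c in FOLLOW_UP]
        if any(timedelta(0) <= f - m <= window for m in moves for f in follow):
            flagged[host] = sorted({c for _, c in hits})
    return flagged
```

A lone RDP logon (WS07) or a log clear long after the last remote logon (HR03) is not flagged; only the ordered combination inside the window is, which keeps routine administration from drowning out the signal.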
