Rhysida is a ransomware group that encrypts data on victims' computer systems and threatens to make it publicly available unless a ransom is paid.
[2] The group perpetrated the notable 2023 British Library cyberattack[1] and Insomniac Games data dump.
[4] The US CISA report states:[6] Threat actors leveraging Rhysida ransomware are known to impact “targets of opportunity,” including victims in the education, healthcare, manufacturing, information technology, and government sectors.
Open source reporting details similarities between Vice Society (DEV-0832) activity and the actors observed deploying Rhysida ransomware.
Additionally, open source reporting has confirmed observed instances of Rhysida actors operating in a ransomware-as-a-service (RaaS) capacity, where ransomware tools and infrastructure are leased out in a profit-sharing model.