Government agencies and cybersecurity firms are on being more vigilant after the US Department of Health and Human Services (HHS) detailed an alert with an overview of Rhysida ransomware.
Rhysida is a ransomware-as-a-service (RaaS) group that is still in its early stages of development, first emerging in May. According to the alert, the group drops the ransomware through "phishing attacks and Cobalt Strike to breach targets' networks and deploy their payloads." It then exploits its victims by calling for a ransom, threatening to publicly distribute the stolen data if the group is not paid. PDF notes are left on the folders that have been affected in the network, with instructions on how to contact the group and make Bitcoin payment.
The victims of the group span various countries in Western Europe, both North and South America, and Australia. Rhysida targets education, government, manufacturing, and technology and managed service sectors, and it has expanded into the healthcare sector in its most recent expansion.
The group was responsible for a recent cyberattack against Prospect Medical Holdings, leading to a system-wide outage that affected 16 hospitals in California, Connecticut, Pennsylvania, and Rhode Island, as well as over 160 clinics in the US. In addition to this, a healthcare operation in Australia was listed on Rhysida's Dark Web site, given a week to pay the ransom before its stolen data was leaked to the public.
"It's not surprising that Rhysida is targeting the healthcare sector, which holds valuable patient data and faces pressure to pay and restore lifesaving services quickly," wrote Jess Parnell, VP of security operations at Centripetal, in an emailed statement. "In order to protect against ransomware attacks, healthcare operators should implement the basics of good cyber defense — adopt least-privileged access to sensitive information, train employees to identify phishing and other social engineering attacks, and keep all software patches up to date."
HHS recommends that healthcare organizations recognize the threat of these cybergroups, educate and train their staff, assess enterprise risk against potential vulnerabilities, and develop a cybersecurity roadmap.