Rhysida is a new ransomware actor that already ranks as extremely dangerous and active. The hackers managed to infiltrate the UAE’s Seven Seas Technologies and posted evidence of the attack on their TOR network.
It is unclear how much data the hackers have managed to steal from Seven Seas Technologies or whether the victim has decided to negotiate. Rhysida has gained a reputation as an aggressive negotiator who doesn’t compromise.
Those who have assessed Rhysida’s ransomware profile warn about the actor’s advanced systems and tactics and impressive sophistication. Rhysida is not only aggressive but also extremely tactical and stealthy.
The group appears to prioritize a stealthy approach, leaving as little trace as possible. It also shows an impressive success rate when it comes to breaching its targets. There is no clear data on the group’s actual ransom gains, though.
The victim hasn’t commented on the recent attack, and it is unlikely that they will. The silent treatment is preferable, as it doesn’t give the hackers the advertising that they desire.
But what makes ransomware attacks so dangerous and devastating?
Rhysida doesn’t necessarily bring anything new to the table when it comes to overall strategy. The organization operates based on a double-extortion approach, with the hackers encrypting the victim’s system and stealing the target data.
But Rhysida is also different in some aspects. One of them is posing as a cybersecurity team. The hackers advertise themselves as doing the victims a service by exposing their system vulnerabilities.
The ransom is supposed to cover these services. Naturally, this is just a tactic to set the victim’s mind at ease. This way, the victim won’t feel like they’re paying the hackers, but rather exchanging money for services.
Even more interestingly, the hackers will actually help the victim restore their systems and improve their security following the attack. That is, if the victims decide to pay the ransom. If not, the hackers will usually leak the data publicly.
In other cases, they will share it with other cybercriminal groups or keep it to themselves for future use.
So, should you be concerned about Rhysida? Yes. Although the organization is fairly young and although it’s one of many, it’s clear that its influence and profile grow by the day. Rhysida is now considered a global threat with massive potential.
If you want to keep yourself and your company safe, work with cybersecurity experts to boost your defenses. Educating your employees on recognizing threats and traps is also essential to prevent future breaches.
We believe online security matters and it’s our mission to make it a safer place.