Rhysida Ransomware Targets Germany and the US

By Bogdan Pătru . 17 June 2024

Tech Writer

Fact-Checked this

Rhysida hackers announced 2 victims today, Production Machines & Enterprises from the US and CETOS Services from Germany. The hackers didn’t mention how much data they’ve managed to steal in their original post.

According to the hackers’ own statements, they already sold the stolen data
The victims haven’t commented on the breaches publicly, but it’s presumed that they’ve refused any negotiations with the hackers
Rhysida has been active since May 2023, when they produced their first victims
There is no data on the gang’s preferred victimology, as they appear to target companies from all walks of life

Rhysida advertises its actions as ‘humanitarian.’ The gang presents itself as a ‘cybersecurity team’ whose main goal is to help institutions strengthen their cyber-defenses. And they supposedly achieve that by breaching into their systems.

Presumably, this is done to expose system vulnerabilities that the victim may not be aware of. They also offer tips and assistance with boosting the victim’s defenses. After the victim pays the ransom, of course.

That’s because Rhysida will not only breach the victim’s system, but steal sensitive data in the process as well. If the victim doesn’t pay, that is. Naturally, this is not a novel or inventive strategy.

X showing the Rhysida ransomware attack on the two companies — https://x.com/FalconFeedsio/status/1802551828803957024

Several other ransomware gangs resort to the same tactics, typically because they make the victim more likely to pay. Today’s targets didn’t feel like falling for that shtick.

This means that the hackers had to sell the data on the black market to make a profit. This can open a new can of worms, given that other cybercriminal groups now have access to the victims’ data.

Should You Pay the Ransom?

The answer might seem obvious at first, but it’s not. Most will refuse to pay the ransom, but many do. Which is why ransomware gangs are still in business and growing by the year. So, what should you do if you get breached? Pay or not pay?

Let’s see where each option can get you.

If you pay:

The hackers will provide the decryptor to restore access to your system
The hackers will mark you as vulnerable, so they’ll most likely hit you again in the future
The hackers will often keep the stolen data and share or sell it to other cybercriminal gangs
Other ransomware actors will target you because you now have a history of paying the ransom
You incentivize the hackers to stay in business

If you don’t pay:

The hackers won’t provide the decryptor; you’ll either need to find ways to remove the encryption on your own or simply reset and lose everything
The hackers will sell your data on the Dark Web, but they’ll most likely do that if you pay too
Refusing to pay will make it more difficult for hackers to continue their activity

Ultimately, there’s no right or wrong decision. It all depends on your business’ profile, lost assets, and any legal battles that may arise due to the breach itself. In many cases, data leaks resulting from ransomware attacks can have unexpected consequences.

This explains why many victims prefer to pay the ransom and buy the hackers’ silence, than have the data leak publicly.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

Rhysida Ransomware Targets Germany and the US

Should You Pay the Ransom?

Our Mission

Bogdan Pătru

Leave a Comment Cancel