rhysida Unknown
Details
Rhysida is a ransomware-as-a-service (RAAS) group that emerged in May 2023. The group utilizes a namesake ransomware through phishing attacks and Cobalt Strike to breach the targets' networks and deploy their payloads.<br> <br> The group threatens to publicly distribute exfiltrated data if the ransom is not paid, and it's worth mentioning that Rhysida is still in the early stages of development.<br> <br> The ransomware leaves PDF notes in the affected folders, instructing victims to contact the group through its portal, and payment is made via Bitcoin.<br> <br> After encryption, the ransomware appends the extension '.ryshida' to encrypted files.<BR>Source: https://github.com/crocodyli/ThreatActors-TTPs
Leak Site
Onion URL:
http://rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion
Victims by Country
Ransomware Victims 10
| Victim | Country | Sector | Discovered |
|---|---|---|---|
| Southold Town Senior ServicesSouthold Police Department | - | Public Sector |
02/03/2026 09:42 5 giorni fa |
| Rohner | π¨π CH | Manufacturing |
23/02/2026 10:47 23/02/2026 |
| Cheyenne & Arapaho Tribes | πΊπΈ US | Public Sector |
17/02/2026 21:24 17/02/2026 |
| Phoenix Art Museum | πΊπΈ US | Not Found |
12/02/2026 15:08 12/02/2026 |
| Leading Edge Speciali | - | Not Found |
06/02/2026 00:11 06/02/2026 |
| Lakeside Union School District | πΊπΈ US | Education |
04/02/2026 08:01 04/02/2026 |
| Elabs | πΈπͺ SE | Not Found |
02/02/2026 15:16 02/02/2026 |
| MACT Health Board | πΊπΈ US | Healthcare |
29/01/2026 12:46 29/01/2026 |
| Cytek Biosciences | πΊπΈ US | Healthcare |
25/01/2026 12:48 25/01/2026 |
| Jet-care International | π¨π CH | Transportation/Logistics |
21/01/2026 13:54 21/01/2026 |
Metadata
Slug:
rhysida
Created: 14/01/2026 08:19
Updated: 07/03/2026 04:00