Federal Rhysida ransomware warning issued

U.S. organizations have been warned by the FBI and the Cybersecurity and Infrastructure Security Agency regarding attacks by the Rhysida ransomware operation, which have already impacted manufacturing, healthcare, government, education, and information technology entities, according to BleepingComputer. Aside from compromising VPNs and other external remote services to facilitate initial network access and persistence, Rhysida, which emerged in May, has also deployed phishing attacks and intrusions leveraging the critical Zerologon privilege escalation vulnerability, tracked as CVE-2020-1472, in its operations, said the agencies in a joint advisory. More threat actors have also begun using Rhysida ransomware in their attacks, with affiliates of the Vice Society ransomware gang, also known as Vanilla Tempest or DEV-0832, commencing use of the ransomware strain in July. Organizations have been urged by the agencies to not only immediately patch actively exploited vulnerabilities and ensure multi-factor authentication implementation but also leverage network segmentation to avert attempted lateral movement intrusions.