BleepingComputer reports that healthcare organizations in North and South America, Western Europe, and Australia were noted by the Department of Health and Human Services to have been targeted by the new Rhysida ransomware operation, which according to some sources has launched the cyberattack against Prospect Medical Holdings.
Such intrusions come after Rhysida originally targeted the government, education, manufacturing, technology, and managed service provider industries in its initial attacks in May, according to the HHS.
After obtaining initial access through phishing emails, Rhysida proceeds with the deployment of PowerShell and Cobalt Strike scripts, as well as a locker, a report from Trend Micro revealed.
Moreover, Rhysida's latest locker was noted in Cisco Talos report to leverage 4096-bit RSA key with the ChaCha20 algorithm for encrypting files, while excluding certain filetypes.
Meanwhile, Rhysida has been linked by CheckPoint researchers to the Vice Society ransomware gang due to similarities between both groups' extortion site publishing times and targeting patterns.
Ransomware, Threat Intelligence
Healthcare sector targeted by Rhysida ransomware operation
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds