| Category | Details |
|---|---|
| Threat Actors | Rhysida Ransomware group (possible connection to Vice Society Ransomware group). |
| Campaign Overview | Rhysida ransomware attacks targeted various sectors, notably healthcare and government, with data leaks and significant disruptions. |
| Target Regions (or Victims) | Chile (Chilean Army), United States (hospitals, clinics, funeral services), global healthcare and education sectors. |
| Methodology | Insider attacks, typosquatting, SEO poisoning, NTDS backup, password changes, and the use of SystemBC botnet. |
| Product targeted | Healthcare services, government (military), and education sectors. |
| Malware Reference | CleanUpLoader malware, SystemBC botnet, Portstarter backdoor. |
| Tools Used | NTDS backup creation, SystemBC botnet, New-NetFirewallRule (PowerShell cmdlet used to modify firewall rules), CleanUpLoader malware, SEO poisoning, typosquatting. |
| Vulnerabilities Exploited | Insider access, poor security practices (e.g., weak passwords, misconfigured firewall), use of fake software download sites. |
| TTPs | Insider access, NTDS backup, password changes, SystemBC botnet, firewall rule modifications, typosquatting, and SEO poisoning. |
| Attribution | Rhysida ransomware group, potentially linked to Vice Society ransomware group. |
| Recommendations | Detection of insider threats, monitoring for typosquatting and SEO poisoning, enhancing password security, and deploying endpoint protection. |
| Source | S2W |
Read full article: https://s2w.inc/en/resource/detail/673?utm_source=twitter&utm_medium=social-posts&utm_campaign=ta-brief-reports&utm_term=ransomware&utm_content=rhysida
Disclaimer: The above summary has been generated by an AI language model.