Ransomware Intelligence

rhysida

Ransomware group profile

Victims: 68
Source country: Russia
Impact score: 105

Description

Rhysida is a ransomware group that emerged in 2023, known for its double extortion tactics where it encrypts data and threatens public release unless ransoms are paid. The group employs sophisticated methods to infiltrate networks, primarily targeting critical sectors and leveraging a network of affiliates to maximize its impact.

Key insights

  • Utilizes multi-stage attack strategies including initial exploitation, data exfiltration, and ransomware deployment.
  • Employs double extortion tactics to pressure victims into paying ransoms quickly.
  • Targets critical sectors such as healthcare and logistics to exploit the urgency of operations during breaches.
  • Utilizes legitimate tools like Cobalt Strike and PowerShell for post-exploitation activities.
  • Demands ransoms primarily in cryptocurrency, typically Bitcoin.
  • Clears forensic evidence by manipulating Windows event logs and deleting shadow copies as a defense evasion tactic.

Threat Level & Status Breakdown

For rhysida · Based on incidents in selected period

Threat level: 3.2
Aggressiveness: 5 / 10
Lethality: 0 / 10
Criticality: 4.9 / 10

Status Breakdown

Claimed: 29.4% (20)
First seen: Jun 2025
Last seen: May 2026
Avg ransom
Payment rate
Status: active
Sophistication: 0
Last updated: Jun 2, 2026

Recent activity

Monthly attack count for rhysida in the selected period

Total attacks: 68
Peak: 13 in Oct
Average: 5.7 / month
↓ 1 vs first month
[Chart: monthly attack count, Jun through May; y-axis 0 to 16]

Intelligence

IOCs, YARA/Sigma rules, and related families for rhysida

Full IOC feed: 500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for rhysida

CVE-2025-5777
CVE-2022-3236
CVE-2022-30190
CVE-2022-26134
CVE-2020-1472
CVE-2018-0798

Collection

  • T1005: Data from Local System
  • T1119: Automated Collection

Defense Evasion

  • T1027: Obfuscated Files or Information
  • T1036: Masquerading
  • T1055.003: Thread Execution Hijacking
  • T1055: Process Injection
  • T1497: Virtualization/Sandbox Evasion
  • T1564: Hide Artifacts
  • T1564.004: NTFS File Attributes
  • T1620: Reflective Code Loading

Discovery

  • T1010: Application Window Discovery
  • T1057: Process Discovery
  • T1082: System Information Discovery
  • T1083: File and Directory Discovery
  • T1497: Virtualization/Sandbox Evasion
  • T1518.001: Security Software Discovery

Execution

  • T1059: Command and Scripting Interpreter
  • T1129: Shared Modules

Impact

  • T1486: Data Encrypted for Impact

Persistence

  • T1547.001: Registry Run Keys / Startup Folder

Privilege Escalation

  • T1055: Process Injection
  • T1055.003: Thread Execution Hijacking
  • T1547.001: Registry Run Keys / Startup Folder

Victims (68)

| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| IDS Group | | GB United Kingdom | Other | Claimed | 9 days ago |
| Landeshauptstadt Stuttgart | | DE Germany | Government & Defense | Unknown | 15 days ago |
| Tower View Primary School | | GB United Kingdom | Education | Unknown | 19 days ago |
| Stelia North America | | CA Canada | Manufacturing | Claimed | about 1 month ago |
| Southold Town Senior Services | Southold Police Department | US United States | Government & Defense | Unknown | 3 months ago |
| Southold Town Senior Services | | US United States | Government & Defense | Claimed | 3 months ago |
| Rohner | rohnerspraybooths.com | CH Switzerland | Manufacturing | Unknown | 3 months ago |
| Cheyenne & Arapaho Tribes | cheyenneandarapaho-nsn.gov | US United States | Government & Defense | Unknown | 4 months ago |
| Phoenix Art Museum | phxart.org | US United States | Education | Unknown | 4 months ago |
| Leading Edge Speciali | | NA Namibia | Professional Services | Unknown | 4 months ago |
| Lakeside Union School District | lsusd.net | US United States | Education | Unknown | 4 months ago |
| Elabs | elabs.de | SE Sweden | Technology | Unknown | 4 months ago |
| MACT Health Board | macthealth.org | US United States | Healthcare | Unknown | 4 months ago |
| Cytek Biosciences | cytekbio.com | US United States | Healthcare | Claimed | 4 months ago |
| Jet-care International | jet-care.com | CH Switzerland | Transportation | Unknown | 4 months ago |
| Charles Leonard Steel Services | charlesleonardsteelservices.com | US United States | Manufacturing | Unknown | 5 months ago |
| Falk, Waas, Hernandez, Cortina, Solomon & Bonner Overview Metrics | falkwaas.com | US United States | Professional Services | Unknown | 5 months ago |
| Larry Pitt & Associates | larrypitt.com | US United States | Professional Services | Unknown | 6 months ago |
| YOKOSUKA GAKUIN | yokosuka-gakuin.ac.jp | JP Japan | Education | Unknown | 6 months ago |
| ***** *********** | | NA Namibia | Manufacturing | Unknown | 6 months ago |
