ICIC
UN

Rhysida

Medium ConfidenceHigh Threat

Vice Society 2.0

Rhysida is a ransomware-as-a-service operation that emerged in May 2023, targeting government, education, healthcare, and manufacturing sectors. The group gained significant attention for attacks against healthcare organizations and government entities. Rhysida employs double extortion tactics and positions themselves as a 'penetration testing team' exposing security weaknesses. The group has demonstrated sophisticated capabilities in network penetration and data exfiltration.

Origin: Unknown
Sponsor: Cybercriminal (No State Sponsor)
Active: 2023 - Present
Victims: 100+ organizations
Advanced
Active
Financial Gain
Risk Assessment
71
Composite Risk Score
High Risk
ARCS Compliance70
Escalation Risk72
Grievance Index65
Infrastructure Impact75
History & Evolution

Rhysida is a ransomware-as-a-service operation that emerged in May 2023, targeting government, education, healthcare, and manufacturing sectors. The group gained significant attention for attacks against healthcare organizations and government entities. Rhysida employs double extortion tactics and positions themselves as a 'penetration testing team' exposing security weaknesses. The group has demonstrated sophisticated capabilities in network penetration and data exfiltration.

Targeting

Target Sectors

HealthcareEducationGovernmentManufacturing

Target Regions

United StatesEuropeLatin America
Attribution & Affiliations

Attributed to Cybercriminal (No State Sponsor) (Unknown). Attribution confidence: Medium.

Intelligence Assessment
High
Threat Level
Moderately
Targeting
Moderately
Adaptability
High
Persistence
Continuous
Op Tempo
Active
Status

Future Outlook

Rhysida is expected to continue operations targeting Healthcare sectors.

Timeline of Key Events
2023
Major

First observed activity of Rhysida

2024
Moderate

Continued active operations