HackerFeeds

rhysida

273 tracked victims · first seen 2023-06-05 · last activity 2026-06-18

Group profile

Rhysida is a ransomware-as-a-service (RaaS) group that emerged in May 2023. The group breaches target networks through phishing attacks and Cobalt Strike, then deploys its namesake ransomware.

The group threatens to publicly distribute exfiltrated data if the ransom is not paid. It is worth mentioning that Rhysida is still in the early stages of development.

The ransomware leaves PDF notes in the affected folders, instructing victims to contact the group through its portal. Payment is made via Bitcoin.

After encryption, the ransomware appends the extension '.rhysida' to encrypted files.

Source: https://github.com/crocodyli/ThreatActors-TTPs

MITRE ATT&CK TTPs

TA0001

Initial Access

  • T1548.002 Abusing Elevation Control Mechanism: Bypass User Account Control

    Bypassing UAC for access.

  • T1566 Phishing

    Phishing for initial access.

TA0002

Execution

  • T1059 Command and Scripting Interpreter

    Using command interpreters for execution.

  • T1129 Shared Modules

    Using shared modules.

TA0003

Persistence

  • T1547.001 Registry Run Keys / Startup Folder

    Persistence via registry run keys.

TA0004

Privilege Escalation

  • T1055 Process Injection

    Injecting into processes for privilege escalation.

  • T1055.003 Thread Execution Hijacking

    Hijacking thread execution.

  • T1547.001 Registry Run Keys

    Using registry run keys.

TA0005

Defense Evasion

  • T1027 Obfuscated Files or Information

    Obfuscating files and information.

  • T1036 Masquerading

    Masquerading malicious files.

  • T1055 Process Injection

    Process injection for evasion.

  • T1055.003 Thread Execution Hijacking

    Thread execution hijacking.

  • T1497 Virtualization/Sandbox Evasion

    Evading virtualization/sandbox detection.

  • T1564 Hidden Artifacts

    Hiding artifacts.

  • T1564.004 NTFS File Attributes

    Using NTFS file attributes.

  • T1620 Reflective DLL Injection

    Reflective DLL injection.

TA0007

Discovery

  • T1010 Application Window Discovery

    Discovering application windows.

  • T1057 Process Discovery

    Discovering running processes.

  • T1082 System Information Discovery

    Discovering system information.

  • T1083 File and Directory Discovery

    Discovering files and directories.

  • T1497 Virtualization/Sandbox Evasion

    Detecting virtualization/sandbox.

  • T1518.001 Security Software Discovery

    Discovering security software.

TA0009

Collection

  • T1005 Data from Local System

    Collecting data from local system.

  • T1119 Automated Collection

    Automated data collection.

TA0010

Exfiltration

  • T1041 Exfiltration Over C2 Channel

    Exfiltrating data over C2 channel.

TA0011

Command and Control

  • T1071 Application Layer Protocol

    Using application layer protocols.

  • T1071.001 Web Protocols

    Using web protocols for C2.

TA0040

Impact

  • T1486 Data Encrypted for Impact

    Encrypting data for impact.

TA0042

Resource Development

  • T1583 Acquire Infrastructure

    Acquiring infrastructure for operations.

  • T1587 Develop Capabilities

    Developing malware capabilities.

TA0043

Reconnaissance

  • T1595 Active Scanning

    Scanning for vulnerable targets.

  • T1598 Phishing for Information

    Gathering information through phishing.

Recent victims

Showing 50 of 273

Date | Website / victim | Sector | Country
2026-06-18 | Lawson Roofing | Construction |
2026-05-25 | IDS Group (idsgi.com) | Not Found | US
2026-05-19 | Landeshauptstadt Stuttgart (stuttgart.de) | Public Sector | DE
2026-05-15 | Tower View Primary School (towerview.staffs.sch.uk) | Education | GB
2026-04-27 | Stelia North America | Manufacturing | US
2026-03-02 | Southold Town Senior Services / Southold Police Department | Public Sector |
2026-02-23 |  | Manufacturing | CH
2026-02-17 | Cheyenne & Arapaho Tribes (cheyenneandarapaho-nsn.gov) | Public Sector | US
2026-02-12 | Phoenix Art Museum (phxart.org) | Education | US
2026-02-06 | Leading Edge Speciali | Business Services |
2026-02-04 | Lakeside Union School District (lsusd.net) | Education | US
2026-02-02 |  | Technology | SE
2026-01-29 | MACT Health Board (macthealth.org) | Healthcare | US
2026-01-25 | Cytek Biosciences (cytekbio.com) | Healthcare | US
2026-01-21 | Jet-care International (jet-care.com) | Transportation/Logistics | CH
2026-01-06 | Charles Leonard Steel Services (charlesleonardsteelservices.com) | Manufacturing | US
2025-12-30 | Falk, Waas, Hernandez, Cortina, Solomon & Bonner Overview Metrics (falkwaas.com) | Business Services | US
2025-12-19 | Larry Pitt & Associates (larrypitt.com) | Business Services | US
2025-12-15 | YOKOSUKA GAKUIN (yokosuka-gakuin.ac.jp) | Education | JP
2025-12-13 | ***** *********** | Not Found |
2025-12-12 | United Keetoowah Band of Cherokee Indians in Oklahoma (ukbb-nsn.gov) | Public Sector | US
2025-12-11 | Woodard, Emhardt, Henry, Reeves & Wagner, LLP (uspatent.com) | Business Services | US
2025-12-11 | Harbour Town Doctors (harbourtowndoctors.com.au) | Healthcare | AU
2025-12-07 | Kane's Furniture (kanes.com) | Consumer Services | US
2025-12-06 |  | Business Services | FR
2025-12-03 | Bo Beuckman Ford (bobeuckmanford.com) | Consumer Services | US
2025-12-02 | Cleveland County Sheriff's Office (cso-ok.us) | Public Sector | US
2025-11-26 | AGS | Not Found |
2025-11-25 | Marlex Human Capital (marlexhc.pl) | Business Services | PL
2025-11-24 | Collège Superieur De Montreal (csmontreal.ca) | Education | CA
2025-11-22 | St. Joseph's Healthcare Hamilton (stjoes.ca) | Healthcare | CA
2025-11-21 | Wachusett School District MA (wrsd.net) | Education | US
2025-11-18 | Smoll & Banning, CPAs (smollandbanning.com) | Financial Services | US
2025-11-10 | Heart South Cardiovascular Group (heartsouthpc.com) | Healthcare | US
2025-11-10 | LMHT Associates (lmht.com) | Not Found | US
2025-11-05 | KISS FM (kissfm.es) | Telecommunication | ES
2025-11-04 | Automated Logistics Systems (automatedlogistics.com) | Transportation/Logistics | US
2025-11-04 |  | Healthcare | US
2025-10-30 | Spindletop Center (spindletop.org) | Healthcare | US
2025-10-28 | Gemini Group (geminigroup.net) | Not Found | US
2025-10-28 | Bellflower Unified School District (bellsd.org) | Education | US
2025-10-27 | Abilene Family Medical Associates (abilenedocs.com) | Healthcare | US
2025-10-21 |  | Technology | CA
2025-10-17 | Hematology Oncology Consultants (hocpc.com) | Healthcare | US
2025-10-17 |  | Business Services | DE
2025-10-16 |  | Business Services | GB
2025-10-15 |  | Manufacturing | US
2025-10-13 | Furuno Electric (furuno.com) | Technology | JP
2025-10-09 | Sdii Global (sdii-global.com) | Business Services | US
2025-10-07 | JASCO Applied Sciences (jasco.com) | Technology | CA