Attack Graph Response to CISA Advisory (AA23-319A): #StopRansomware: Rhysida Ransomware

On November 15, 2023, CISA published an Advisory (AA23-319A) that disseminates known Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with Rhysida ransomware identified through FBI investigations. In September 2023, AttackIQ released two new attack graphs in response to recent reports of activities involving Rhysida ransomware.

On November 15, 2023, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) disseminating known Rhysida ransomware Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through investigations as recently as September 2023.

Rhysida is a Ransomware-as-a-Service (RaaS) operation that has been active since at least May 2023 and, despite being a newcomer, has quickly established itself as a significant, fully fledged ransomware operation. Rhysida has predominantly been deployed against the Government, Manufacturing, and Technology sectors. More recently, however, it has expanded its activities to include Healthcare and Public Health organizations. As a result, in August 2023 the U.S. Department of Health and Human Services issued a warning to the healthcare industry about Rhysida ransomware activity.

AttackIQ has previously released two attack graphs that emulate the various activities carried out by this ransomware and its operators against multiple targets worldwide since its discovery in May 2023. For further coverage and details, we encourage you to check out the previous AttackIQ blog released on September 20, 2023.

AttackIQ stands at the ready to help security teams implement this attack graph and other aspects of the AttackIQ Security Optimization Platform, including through our fully managed service, AttackIQ Ready!, and our co-managed security service, AttackIQ Enterprise.