rhysida
Ransomware group profile
66Victims
RussiaSource country
104Impact score
Description
Rhysida is a ransomware group that emerged in 2023, known for its double extortion tactics where it encrypts data and threatens public release unless ransoms are paid. The group employs sophisticated methods to infiltrate networks, primarily targeting critical sectors and leveraging a network of affiliates to maximize its impact.
Key insights
- •Utilizes multi-stage attack strategies including initial exploitation, data exfiltration, and ransomware deployment.
- •Employs double extortion tactics to pressurize victims into paying ransoms quickly.
- •Targets critical sectors such as healthcare and logistics to exploit the urgency of operations during breaches.
- •Utilizes legitimate tools like Cobalt Strike and PowerShell for post-exploitation activities.
- •Demands ransoms primarily in cryptocurrency, typically Bitcoin.
- •Clears forensic evidence by manipulating Windows event logs and deleting shadow copies as a defense evasion tactic.
Threat Level & Status Breakdown
For rhysida · Based on incidents in selected period
3.6threat level
Aggressiveness6/ 10
Lethality0/ 10
Criticality5/ 10
Status Breakdown
Claimed25.8%17
First seenJun 2025
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 21, 2026
Recent activity
Monthly attack count for rhysida in the selected period
66Total attacks
13peak in Oct
5.1avg / month
Intelligence
IOCs, YARA/Sigma rules, and related families for rhysida
- 27572c66208f98c9aa52f1ab83837c18
- 968bcbb4b79f2e7e5ec563a11b4a87fa
- 24055b5e2907667b887b92cf34def4eed17f54314df485c9ffb1c3be1128778d
- 401e3fe6d27a438016a82c4bbc710dfca5ff3c8f533f5eadc7393ce4f1c2d498
- 83b70aa2000d84c1ddbb680061cbad151b489f0b908eea356338b3556a9be23d
- f2a3b52572a8a5da9cac1bf02427929acc101e5b9a2ae69093aad1c4f51d08c6
- 293bfed7263ffb9250afff9b2beb296d803803b0e42d4afcd200ee7e7eccd243
- 31591f5c0ba6abfa87950008dbb8acaaabe6f647398012dadcb6e68755936d4a
- 0426d8923790be4e5db65306134f53dd94f6c1c53d52a9198af9ad20c2ee02bd
- b1144c0309b0544ca71c65c573e74ad78a0f7c54
- 0edffd2d6933146b600d1578f4654be6
- 5ae94ec248a3df8ef31e4d7e1eace31448497fe1258649d34a8c4207eddc2876
- cd169f9f8de746f96aace439e46cbc381c6d931b750a64a97cae645eff7b750f
- a26f0a2da63a838161a7d335aaa5e4b314a232acc15dcabdb6f6dbec63cda642
- 63f3e64c9674715f881df6d0e13aa046c28ae8d58e2b23001a07e6eb6cc477a3
- 7ed805c5fc3bd0a4eab3d523483a9cc83b8768ff667875f2318f3bfa4ef68fe2
- ec5d494f2a6b8dac323887096152bd4851766d4119be1487597a4bcc86f12d36
- 24e038fe958537de3ac2de0792131ae1cb08c1564801e0d95cee02281fb6e724
- f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55
- 69ae1a67469c58509cc10ca34a1fa8ab03217bcbe98e1bee27e80330c19b540e
- cafa8038ea7e46860c805da5c8c1aa38da070fa7d540f4b41d5e7391aa9a8079
- 4d52d40bc7599b784a86a000ff436527babc46c5de737e19ded265416b4977c6
- 8d1fb5ec0834261fe2621402c879cd759692169c72cd98d2707e51b301d2636b
- 7d8927de16b431e159975f3b9ec289d1c650579a
- b0cfa2089802634ffb8c77962cdb18317a6332d4
- 20d3139b0bf01f3c216cda6278cf97ff
- dd766c3b2ca6cbea1905751d5c252c0ee75ac70bafdf24b7ab17e5ff0f92bbfd
- d8edd5305c58df8320a6b54d9c0d531d9a4e249a552e013d99ed04430911b6c4
- 9b95baa91c2e92756da970d7846b6c14
- 6cdfad49d8148f268f524a57830bd0358939256d
- ccd6ca35e57022e0de7daff6fdb315c19bcbeb3d215cfac91fa93a782c9efdcb
- 8c24c4084cdc3b7e7f7a88444a012bfc
- 2f38120d7880a35c94d837dd60fdf24f4e48f58bd18ec33aa20c4061a61afab2
- 907ddb26b0dc6ed70dfb7bfedf3e7e6f6b548aea0a5b568f1f38c007204e79f6
- db89ec570e6281934a5c5fcf7f4c8967
- 3526dec660203374fbfaa4ace4cb4dc6d03e968ea25042ed356df3c03414e24c
- 3bbbd71c89ac582757ddfb3d9e98e93dee39535d
- e624e606597f8ae8a5522cd9547afd7c
- 4fa8d9a20ce9098eddc065cc427e3ccb035bf3306e236c17a67104d79ca040e0
- a53a9ca8a074c7108f8412c3f8c1fc5d
- 67e8e85e6e316cd3008a7d8ce0d72064416c7a00
- fcdbe8f6204919f94fd57309806f5609ae88ae1bbd000d6226f25d2200cf6d47
- 4373fefdec70547cb513be8e908997033197dc86
- 64a0ab00d90682b1807c5d7da1a4ae67cde4c5757fc7d995d8f126f0ec8ae983
- ea6adefdd2be00d0c7072a9abe188ba9b0c9a75fa57f13a654caeaaf4c3f5fbc
- 29f6a31e1c2158d375d572aa74cacefa526d8ec8e788487f205cf0b65b98c975
- cf44aa11a17b3dad61cae715f4ea27c0cbf80732a1a7a1c530a5c9d3d183482a
- 5d16bc8545d2eb6971c5b77109671e2c309a2df1
- 560a64721d5a647ffae76febdb6f99bf356dae79
- 7557d5fed880ee1e292aba464ffdc12021f9acbe0ee3a2313519ecd7f94ec5c4
- dff271ee416fe443a83e05461cacc433a66203ff5f50d7b8b9a47cbab56dd4b8
- da6b4a3775fe510c8df09721ec433aa902b33d03e40cbb8b6ed4fe9a56345a9a
- ce1438298244aa9085e47871c40dca4944fddf620ffadbb0a6c9158626556376
- 04e60a1a5033ef1531a1bbd6d73542f209a353a62e8e42df2c2256a8ea8a572b
- e391c2d3e8e4860e061f69b894cf2b1ba578a3e91de610410e7e9fa87c07304c
- d3cc251bcc8d9dec9348a332d77dd00441fa375fe74f3e91345a221c8d97fbc1
- c8347069980e0c7b8d42cbf0f2be7bc6e558f8b6cf7ca960f6454926120adf55
- 1e39502ddb5c677d5e9130dc98f8e3b448e4c97a6f98b80643a5519ff3ca649b
- a6020794bd6749e0765966cd65ca6d5511581f47cc2b38e41cb1e7fddaa0b221
- c371e4570fc623f1c9c93e4ba8885deb58028167
- 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
- 5262e1ee394f329cd1f87ea31ba4a396c4a76edc3a87612a179f81f21606abc8
- 86233a285363c2a6863bf642deab7e20f062b8eb
- b2b03dfcdc2e59d81e99d20c15919a13
- 3eaf2704e62d0b30a798274e4967273ed595cf9e435b48c72b1e44ff3005d22c
- ad675b0a4bee65221e084a3eb268464385a1d72a74f01df409ae490230618900
- 3e36c54eb1fd2942a28963b1e58d0aff9ff2d9ef65ab963df35a8bd124a94b27
- 65d50bb63d3d0176059ec26a63cd781aad016202b51cb6e4477f36ca6d1e7f82
- 5cdabf41672241798bcca94a7fdb25974ba5ab2289ebadc982149b3014677ae3
- 0bd24cc34dc7d003c276f95771fb54429a5cebd6d5f9cabce7902a16b972b44c
- ccfa558c82a0a4276d8a056e5b0a557050e0b65f
- ddaa09b5c3bf5aa24e300c24905469f2
- 58c852525bf3bea185db34a79c2c5640c02f8291cdbdbe8dd7c0a9d4682f4b2c
- 9f1950591d1f40fd24c335a2fe56cb03
- af9f17aac44dacad992dbff95baa979ecc11b57142b484ab30b27c46d2b07acf
- 71732e9e0c5ecf00b14201719cabfe48
- 41b4fed4ea524ca78cbfb2ef941ff7f2cabde01dafb9e90fc818ba5f4cc9a8e1
- f0cf6616c0f332f396e4c04f2fb4617035aefb4b260565478a59740ad3c9b07e
- 9e354d81d16e0e7efb642ba8ae1adf5a009455fc9e48575f39bccdfbdf596828
- a6c5cfe008f99e4d9bf3386d2fe6ddbe8278e62ae4253516b9740a5571559c80
- 5537c708edb9a2c21f88e34e8a0f1744
- d842bc9b4a6491c7955d9b645aea1a56b2531f59
- 89759f741606e3e9e3004978c08a3d8f5d8a887f
- bef7719a8a98131b8bdf885895b5d1c3f9d089ad
- c37b14c151ca672c7926692be5c15fa7cb83f9a6661faecf6a4d9120717b89d7
- d4bfdb76a3ea03dd31a96179394c1c453efd8a3694185a23b7b4ad5178b81e4a
- b2aa5282fc8b33ef704953a7617c13328a1efaa8077d0e8aa13a20f568f8a5b6
- 478063e4c2696e7b5c75764d420cfc6551f346447561684be0fabbeb25a4bff2
- db2b09f6cdba12fb8b96f556cf7e1dff6cf0b612c992db4f59e738ae232ef589
- 7a5af6b8cc4b94cf0af8ae8bd56224f3
- 2c1528a6992ce0ac3a41d0da5cf846ba
- 34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907
- df6fa5b55c8196df0a53575cd26f5a7e53146899d41ab1a1a3acdb320f185d1f
- 705127c9730dcdebfa0f30103952107098d164d1941c400ea1f3ff454951c225
- 8c57b97b04d7eabbae651c3400a5e6b897aea1ae8964507389340c44b99c523a
- eaa9dc1c9dc8620549fee54d81399488292349d2c8767b58b7d0396564fb43e7
- dca83f08d448911a14c22ebcacc5ad57
- d2d6c8e73ac2fa79597f47453e7f0a135eafdda26683b0a67bafabeaa2f9d495
- e552f921f818610bc42690f8cf32bd75c3767251c458001027c08c1f5a7473df
- 0000567f2efdf875f93dd8ac8670f577d9a39596919ca2f439c1d72144288713
- edfae1a69522f87b12c6dac3225d930e4848832e3c551ee1e7d31736bf4525ef
- 11af4566539ad3224e968194c7a9ad7b596460d8f6e423fc62d1ea5fc0724326
- 7f3b0682e57da055874455302178be52481a5161f3f3f805167b248a39b57c18
- 5070ad8f45e6ee70e1b8a4fdbf78b2c823ca2c47a817fc29b5042b15880f92d9
- e97bdf7fafb1cb2a2bf0a4e14f51e18a34f3ff2f6f7b99731e93070d50801bef
- 10370f821ef2d769bcb287b3f5ab081c4949a97891a25a23688e8c553bd393df
- 5818f60e9b4213231d97dc7e33f43cf823646da0e5552a9112e479dfcd87bc4b
- e7221b9d31a1bd3d1a066450c6c9139fa9ba33ba1fccd0b9bfb17febb9fad9d3
- f0b3e112ce4807a28e2b5d66a840ed7f
- 9daa74a3b63c352c120c8b043a1e88f32cb8ad54
- f08baa465313ae45be975d18c335bbc8ebf2b5d29446a8bb7a7c8f5899d0c61a
- 61e197b6bc1fbf836e7af760b13e71f22571cffe4f4a73f7279e16b3f77a044f
- 2351eb826d665565bd92959a9c143701df95d5bfb39361f9959719ef0a119d76
- 597de376b1f80c06d501415dd973dcec
- 7ee571d82c41297dd0756107d863cf3414d8e254e89a0e067678cce73a1790f2
- e291022cbe3efa7252139a282dbc8dda5306f1bd
- 2d1abc07b1c6e2aef304d9f9ee7d43b285db0ed80052a14bd36c545236257944
- 8d48ffbe19420cdd36d9d455d5db40d7963b74ec4a563f5cf46288a9e3365aaf
- 2a27101feac062fdd4249169e1860971a4c336c1df29b12b35a711704577e4b3
- 7986912c48b0d18f72a5a8fafa615980
- e3b6ea8c46fa831cec6f235a5cf48b38a4ae8d69
- a2754d7995426b58317e437f8ed6770cd7bb7b18d971e23b2b300b75e34fa086
- 556050a9f9cb6bff6e19ada58215e469
- 17c203a142d322df93422e73254b1ff25221c8ae548074d61aa9e9e126bdd3e8
- f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
- 5d3569401837f0ffa3a69ff02131b3b2
- a8e9f0da26a3d6729e744a6ea566c4fd4e372ceb4b2e7fc01d08844bfc5c3abb
- 7408bcd666fdc1e3aa56b83e4d67a33f3ffb7abd7df2e52fab3519a3377ee749
- 975a4edb455e49e0769581323d9c025ba11655cc6d03b35da91029705e2a0618
- 333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c
- c524749d590c5057642f72b583e2336b6e80d0ff
- d6d778ee1a0d3d57882a70232d1763c718581c85aa4e5129674cb172ff87341b
- 94b0cfa3c654f17562a62541238ff6bb
- 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
- ca2fc49893dffdd07633f91f36d4d878f01e5df4119fd757a108fbf82a37aeb7
- 4e4a3751581252e210f6f45881d778d1f482146f92dc790504bfbcd2bdfa0129
- b269720acebdba99f8294306dfe575089c8e915af45556e49f82a9d7f1460742
- dfff54d42b60017684805abb5ee34ab2da491dbcdf3a258852cfa439b878d4af
- 6270645da8182fab12021bf0fa3126e8bf6a2a9115f273b288149d6c2a42adf0
- e5896a2d969b3848d695ff8f957fbec269c07fc5
- 91270525521b7fe0d986db19747f47d34b6318ad
- 0098c79e1404b4399bf0e686d88dbf052269a302
- a1b174135d7df3ecf7773fe2772a162dd862e9097387ef1cdf4a32dbeccabaa5
- fb9c4f542eb44f72e54160390e51efd73b7a79867470255e95673dcc682e829b
- b5a9bf036149b5a7a27414409552ad350e76a1654567ffdda4652429cf0308ff
- c24cb7692b77123387b821f3683966807662217a4c918c32bb97358729c33a1d
- 7e6d9dac619c04ae1b3c8c0906123e752ed66d63
- e8d3aeea7617982bb6e484a9f8307e6b
- f13208982439e9631da3ea9946f45b55ee2a780d68938fb0cca5dbd1def8e0e9
- 52180c91d36542bafa347f56704b8f7fcb04ff84
- 41b6815d187a9bd7284fb0919b814eaf310d55452030eb932b32b27b5c473e26
- 794a0b6f21d80a426ac33a706a962b66a6cc0492
- e26fbe450d62ea0b0378b69d28317fd52a42597ef941d15f803d4f41d5ab6aa7
- f00395da1c2838b95084d18a8da2d6dbe89ae74b00508e4dafcd65198ba0843c
- 7e94dddc83cbd929e073f060d02e374f
- c1fb7aa37b3f31a657afce21d4d7be4b12529d8820d34ea4729a4e6dd5109a50
- 224a21c122569d682302ae26ec4fdbfada36aa65
- d2fcf4a3c0012398caf4247cd08f16857e115223
- 80ff5df7fc7f5fa0031611b02c75c71e3a84217eadb4eb9cfd2e62a88697aa92
- 338d4f4ec714359d589918cee1adad12ef231907
- 365a02eb9b99b3852cc70b4cc90214521685121d9cd36890c094db1a018a14e7
- aecc447b2b69af35e20c3ea91e21e853
- 690b6cf4205248a3fc5521762c69a24f46958e57621dc97b031e41ec1f381221
- b298f0c6c459ef001159d7a7d275d3db
- 6bc8e3505d9f51368ddf323acb6abc49
- 485f804ddf201224915ed9df0112109b
- 55a2fd06519a8d6d5f50505dbe5d7895e2550edbc797ab83900d9a88073979a4
- 1192381230fce07ef3f2a86ce746c71f22a7e0b97eea7560a38337844e8f3041
- cfeec2b8a9d8de2bc635762c6e7146e66e107a68cefa98bb5bbb5eb01a6b3c66
- 73a4feffecda9871eb6ad4e12ea9bdccffe109ae3ed9b897a44801f785447227
- efaae1104c2a532bfaaa2fd11f6345ee321cf0119eeb619526df4f2940795750
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for rhysida
CVE-2025-5777
CVE-2022-3236
CVE-2022-30190
CVE-2022-26134
CVE-2020-1472
CVE-2018-0798
Collection
T1005
Data from Local System
T1119
Automated Collection
Defense Evasion
T1027
Obfuscated Files or Information
T1036
Masquerading
T1055.003_1
Thread Execution Hijacking
T1055_1
Process Injection
T1497
Virtualization/Sandbox Evasion
T1564
Hide Artifacts
T1564.004
NTFS File Attributes
T1620
Reflective Code Loading
Discovery
T1010
Application Window Discovery
T1057
Process Discovery
T1082
System Information Discovery
T1083
File and Directory Discovery
T1497_2
Virtualization/Sandbox Evasion
T1518.001
Security Software Discovery
Execution
T1059
Command and Scripting Interpreter
T1129
Shared Modules
Impact
T1486
Data Encrypted for Impact
Persistence
T1547.001
Registry Run Keys / Startup Folder
Privilege Escalation
T1055
Process Injection
T1055.003
Thread Execution Hijacking
T1547.001_1
Registry Run Keys / Startup Folder
Victims(66)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Lawson Roofing | — | US United States | Other | Unknown | 3 days ago | |
| IDS Group | — | GB United Kingdom | Other | Claimed | 27 days ago | |
| Landeshauptstadt Stuttgart | — | DE Germany | Government & Defense | Unknown | about 1 month ago | |
| Tower View Primary School | — | GB United Kingdom | Education | Unknown | about 1 month ago | |
| Stelia North America | — | CA Canada | Manufacturing | Claimed | about 2 months ago | |
| Southold Town Senior ServicesSouthold Police Department | — | US United States | Government & Defense | Unknown | 4 months ago | |
| Southold Town Senior Services | — | US United States | Government & Defense | Claimed | 4 months ago | |
| Rohner | rohnerspraybooths.com | CH Switzerland | Manufacturing | Unknown | 4 months ago | |
| Cheyenne & Arapaho Tribes | cheyenneandarapaho-nsn.gov | US United States | Government & Defense | Unknown | 4 months ago | |
| Phoenix Art Museum | phxart.org | US United States | Education | Unknown | 4 months ago | |
| Leading Edge Speciali | — | NA Namibia | Professional Services | Unknown | 5 months ago | |
| Lakeside Union School District | lsusd.net | US United States | Education | Unknown | 5 months ago | |
| Elabs | elabs.de | SE Sweden | Technology | Unknown | 5 months ago | |
| MACT Health Board | macthealth.org | US United States | Healthcare | Unknown | 5 months ago | |
| Cytek Biosciences | cytekbio.com | US United States | Healthcare | Claimed | 5 months ago | |
| Jet-care International | jet-care.com | CH Switzerland | Transportation | Unknown | 5 months ago | |
| Charles Leonard Steel Services | charlesleonardsteelservices.com | US United States | Manufacturing | Unknown | 6 months ago | |
| Falk, Waas, Hernandez, Cortina, Solomon & Bonner Overview Metrics | falkwaas.com | US United States | Professional Services | Unknown | 6 months ago | |
| Larry Pitt & Associates | larrypitt.com | US United States | Professional Services | Unknown | 6 months ago | |
| YOKOSUKA GAKUIN | yokosuka-gakuin.ac.jp | JP Japan | Education | Unknown | 6 months ago |
Page 1 of 4
Affected countries(46)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇷Argentina🇦🇺Australia🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇳China🇩🇪Germany🇩🇰Denmark🇩🇴Dominican Republic🇪🇬Egypt🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇮🇩Indonesia🇮🇪Ireland🇮🇱Israel🇮🇳IndiaIran, Islamic Republic of🇮🇹Italy🇯🇴Jordan🇯🇵Japan🇰🇪Kenya🇰🇼Kuwait🇱🇹LithuaniaMartinique🇲🇽Mexico🇲🇾Malaysia🇳🇪Niger🇳🇬Nigeria🇳🇱Netherlands🇳🇴Norway🇳🇿New Zealand🇵🇪Peru🇵🇱Poland🇵🇹PortugalRussian Federation🇸🇪Sweden🇸🇬Singapore🇸🇮Slovenia🇹🇭ThailandTaiwan, Province of China🇺🇸United States🇿🇦South AfricaGlobal