The ransomware that could be behind the attacks on the Army and Latin American companies
Rhysida is the new ransomware group putting organizations and governments on alert on a global scale.
A new ransomware group is becoming known for its ability to infiltrate government and military organizations in Latin America. Rhysida, as it has been dubbed, uses multiple threads to compromise files and directories, employing a combination of RSA and AES algorithms for data encryption. Once it has run on a system, the affected files carry the .rhysida extension.
A file named CriticalBreachDetected.pdf then opens on the system, alerting the victim to the attack.
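A triage sweep for the two indicators described above (the .rhysida extension and the CriticalBreachDetected.pdf note), as an added example that is not from the article or from Kaspersky. The function names are hypothetical, and treating file modification times as a rough bound on when encryption ran is an assumption.

```python
import os
from datetime import datetime, timezone

ENCRYPTED_EXT = ".rhysida"                # extension named in the article
NOTE_NAME = "criticalbreachdetected.pdf"  # ransom note named in the article

def sweep(root):
    """Walk root and return {directory: summary} for every directory that
    holds renamed files or a ransom note. Files are never opened."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        mtimes, note = [], False
        for name in files:
            lower = name.lower()  # match case-insensitively
            if lower == NOTE_NAME:
                note = True
            elif lower.endswith(ENCRYPTED_EXT):
                try:
                    mtimes.append(os.lstat(os.path.join(dirpath, name)).st_mtime)
                except OSError:
                    continue  # file vanished or is unreadable; skip it
        if mtimes or note:
            hits[dirpath] = {
                "encrypted": len(mtimes),
                "note": note,
                "first": min(mtimes) if mtimes else None,
                "last": max(mtimes) if mtimes else None,
            }
    return hits

def encryption_window(hits):
    """Earliest and latest mtime across all renamed files as UTC datetimes,
    or None if none were found (assumption: mtime ~ time of encryption)."""
    firsts = [h["first"] for h in hits.values() if h["first"] is not None]
    lasts = [h["last"] for h in hits.values() if h["last"] is not None]
    if not firsts:
        return None
    to_utc = lambda t: datetime.fromtimestamp(t, tz=timezone.utc)
    return to_utc(min(firsts)), to_utc(max(lasts))

if __name__ == "__main__":
    import sys
    found = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for d, h in sorted(found.items()):
        print(f"{d}: {h['encrypted']} encrypted, note={'yes' if h['note'] else 'no'}")
    print("window (UTC):", encryption_window(found))
```

Run it against a mounted copy or a read-only share of the affected volume, so the sweep itself does not alter timestamps on the evidence.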
This new ransomware group became known last May 17 when it attacked Chilean institutions. Since then, attacks have been reported in other countries, the most affected being Brazil, with more than 30 detections. The other countries affected are China, Israel and the United States.
Although the initial access vector used by Rhysida has not yet been identified, it is "quite likely" to be brute-force attacks on VPNs or remote access protocols (RDP), with the aim of obtaining employee and civil servant credentials. Brute-force attacks attempt to crack a password or username by trial and error until the right combination is found.
How does it work and how dangerous is it?
Fabio Assolini,
Director of the Research and Analysis Team for Latin America at Kaspersky.
This malware searches a victim's hard drive for valuable information (such as documents, graphics, images and databases) and encrypts everything it finds, locking the files. Upon infection, the ransomware displays a message asking for payment in exchange for restoring the data.
The groups that develop the ransomware sell it to cybercriminals focused on carrying out the attacks. The profit is shared between the developer (20% on average) and the attacker (80% on average), Assolini points out.