What is understood about the enigmatic group that keeps attacking governments around the globe?
A number of attacks on government institutions in Portugal and the Dominican Republic were perpetrated by the ransomware group Rhysida.
On Wednesday, September 27, everything began. The first casualty was the Portuguese city of Gondomar, which is only 20 minutes away from Porto. All official online services had to be shut down by the city government, who sought assistance from the National Data Protection Commission and the National Cyber Security Center. Residents had to visit government offices in person for a week. The organizations themselves, however, carried on with business as usual despite the technical issues.
Electronic systems, including email, were still inoperable by the end of the week. When the platforms will be fully restored is a question that the mayor's office does not address.
Cybersecurity expert Dominic Alvieri reported that Rhysida had taken ownership of the incident the day following the Gondomar attack. Additionally, the group posted examples of passports and financial documents that were allegedly taken from the municipality on its website.
The hackers had other targets besides Gondomar. The cyberattack was additionally confirmed by the Dominican Republic Migration Agency. Attackers stole private files containing the names, addresses, and birthdates of citizens. The agency's systems were not encrypted, it is important to note.
Rhysida claims on the leak site that the data will be sold if the ransom is not paid. Additionally, they provided a rough estimate of the materials cost, which was 25 BTC (roughly $700,000). According to agency representatives, they discovered the first suspicious activity on September 14 and immediately alerted the nation's National Cyber Security Center.
In the past, Rhysida has attacked US and Portuguese hospitals as well as the governments of Kuwait, Chile, and the Caribbean. Even though the group is active, little is known about it.
Due to a devastating attack on Prospect Medical Holdings, which runs 16 hospitals across several states, they recently made headlines in the US.