Rhysida is a financially motivated ransomware-as-a-service (RaaS) group that emerged in early 2023, with initial operations detected in January and public activity observed from May of that year. The group operates by leasing its ransomware tools and infrastructure to affiliates who execute attacks and share profits. While initially described as having a less developed ransomware, Rhysida rapidly evolved its capabilities. The group's origin is not definitively confirmed, but it is assessed with moderate confidence to be linked to Russian or Commonwealth of Independent States (CIS) speaking actors, evidenced by Russian language elements in their code and communications, and their observed avoidance of targeting organizations within these regions. A defining characteristic of Rhysida is its self-branding as a 'cybersecurity team' that claims to help victims identify security vulnerabilities. Rhysida is also frequently associated with or considered a rebrand of the Vice Society ransomware

Paises afectados

Sectores atacados

URLs nuevas detectadas en IntelTracker