Rhysida
| Active
Rhysida is a ransomware-as-a-service (RAAS) group that emerged in May 2023. The group utilizes a namesake ransomware through phishing attacks and Cobalt Strike to breach the targets' networks and deploy their payloads.
The group threatens to publicly distribute exfiltrated data if the ransom is not paid, and it's worth mentioning that Rhysida is still in the early stages of development.
The ransomware leaves PDF notes in the affected folders, instructing victims to contact the group through its portal, and payment is made via Bitcoin.
After encryption, the ransomware appends the extension '.ryshida' to encrypted files.
Source: https://github.com/crocodyli/ThreatActors-TTPs
The group threatens to publicly distribute exfiltrated data if the ransom is not paid, and it's worth mentioning that Rhysida is still in the early stages of development.
The ransomware leaves PDF notes in the affected folders, instructing victims to contact the group through its portal, and payment is made via Bitcoin.
After encryption, the ransomware appends the extension '.ryshida' to encrypted files.
Source: https://github.com/crocodyli/ThreatActors-TTPs
Victims
269
First Discovered
2023-06-05
victim
Last Discovered
2026-04-27
victim
Inactive Since
16
days
Avg Delay
37.6
days
Infostealer
38.2%
victims with domain
Countries
39
hit
Attack Velocity — Last 12 months
Known Locations (2)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Yes | 2026-05-13T22:45:28 | nginx |
rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion
|
|||
|
Rhysida | No | 2026-05-13T22:45:34 |
rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion
|
Target
Top 5 Activity Sectors
- Education 56
- Healthcare 46
- Business Services 33
- Public Sector 30
- Manufacturing 28
Top 5 Countries
-
United States
120
-
Canada
19
-
United Kingdom
9
-
Italy
8
-
Australia
7
Heatmap
Ransom Notes (1)
Tools Used
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
PowerView
|
AnyDesk
|
|
|
Impacket
|
|
NTDS Utility (ntdsutil)
PsExec
WMIC
Windows Event Utility (wevtutil)
|
WinSCP
|
TTPs Matrix (12)
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Discovery | Collection | Exfiltration | Command and Control | Impact | Resource Development | Reconnaissance |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Abusing Elevation Control Mechanism: Bypass User Account Control | Command and Scripting Interpreter | Registry Run Keys / Startup Folder | Process Injection | Obfuscated Files or Information | Application Window Discovery | Data from Local System | Exfiltration Over C2 Channel | Application Layer Protocol | Data Encrypted for Impact | Acquire Infrastructure | Active Scanning |
| Phishing | Shared Modules | Thread Execution Hijacking | Masquerading | Process Discovery | Automated Collection | Web Protocols | Develop Capabilities | Phishing for Information | |||
| Registry Run Keys | Process Injection | System Information Discovery | |||||||||
| Thread Execution Hijacking | File and Directory Discovery | ||||||||||
| Virtualization/Sandbox Evasion | Virtualization/Sandbox Evasion | ||||||||||
| Hidden Artifacts | Security Software Discovery | ||||||||||
| NTFS File Attributes | |||||||||||
| Reflective DLL Injection |
YARA Rules (1)
Indicators of Compromise (IoCs) (28)
Hash MD5
28
Victims (269)
Southold Town Senior ServicesSouthold Police Department The Town of Southold, New York provides vari…
Cheyenne & Arapaho Tribes The Cheyenne and Arapaho Tribes are a federally recognized united nation o…
Phoenix Art Museum Phoenix Art Museum is an art museum that showcases art from around the U.S. in Ph…
Cytek Biosciences Cytek Biosciences is a leading cell analysis solutions company founded in 1992 and…
Falk, Waas, Hernandez, Cortina, Solomon & Bonner Overview Metrics…
United Keetoowah Band of Cherokee Indians in Oklahoma…
Woodard, Emhardt, Henry, Reeves & Wagner, LLP…
Wachusett School District MA Wachusett School District MA is a public school district. More…
Smoll & Banning, CPAs Smoll & Banning, CPA's, LLC is an independent accounting firm located in Dodge…
Heart South Cardiovascular Group Heart South is a leading provider of comprehensive cardiac and vasc…
Spindletop Center Spindletop Center is a non-profit healthcare organization focused on providing beh…
Bellflower Unified School District Headquartered Bellflower, California, Bellflower Unified School D…
Hematology Oncology Consultants Michigan Hematology Oncology is a private practice dedicated to prov…
Furuno Electric FURUNO strives to contribute to realisation of the pleasant society filled with safe…
Sdii Global Since 1989, Sdii Global has set the standard in forensic engineering and consulting, ren…
Peavey Electronics Corporation Founded by Hartley Peavey in 1965 as a one-man shop, today Peavey Ele…
Elite Trailers Elite Trailer MFG, LLC. specializes in the custom manufacturing of high-quality trail…
Elkhart Independent School District Elkhart Independent School District is a public school district …
Cookeville Regional Medical Center At Cookeville Regional Medical Center, we are dedicated to provid…
First Baptist Church of Hammond Established in 1887, The First Baptist Church was listed as 2009's 1…
Cardinal Services Cardinal Services was established by Bud and Gail Freeman in Coos Bay, Oregon in 1…
Florida Hand Center Florida Hand Center specializes in non-surgical and minimally invasive treatment…
Welthungerhilfe Welthungerhilfe (WHH) is one of the largest private aid agencies in Germany; politic…
Hudson River Housing Hudson River Housing provides quality, affordable rental housing for individual…
Cator Ruma & Associates Since our founding in 1959, Cator, Ruma & Associates has worked with many ar…
Florida Lung The Mission of Florida Lung, Asthma & Sleep Specialists is to be a leader in the provis…
Sao Camilo Cachoeiro de Itapemirim The Sao Camilo Espirito Santo Educational Center was founded in 1…
Mountain View Mushrooms Mountain View Mushrooms was established in 2003. We are the largest producer…
Mediprobe Research Mediprobe Research Inc. is a world class dermatology research and clinical trials…
Kalin Hobeltechnik Kalin operates throughout Europe and has established a solid reputation with plan…
Government of Peru Gob.pe is defined as the Single Digital Platform of the Peruvian State.…
LaBella Associates Founded in 1978, LaBella Associates is a full service Architecture, Engineering, …
Acos Favorit Founded in 1996 by Rudolf Fritsch, Acos Favorit Distribuidora Ltda focuses on cutting a…
Oregon Department of Environmental Quality They think their data hasn't been stolen. They're sorely …
Dimension Composite Dimension Composite is an ISO 9001:2000 certified company, whose mission is to d…
Swiss Capitals Group Swiss Capitals Group is the holding of a group of companies with more than 40 y…
Clarity Ventures Clarity Ventures, Inc offers custom eCommerce and mobile web design solutions as we…
Forrest City School District Forrest City School District 7 is a school district headquartered in Fo…
Senior Support Services Senior Support Services (CPHC) first began serving the seniors of Brockvill…
Okeene Elementary School Okeene Elementary School is a public school located in Okeene, OK, which is…
Ted Hosmer Enterprises Ted Hosmer Enterprises, established in 1987, specializes in lawn care and sno…
Cothron's Security Professionals Founded by Mr. Olen Cothron in 1948, Cothron's is a leader in the s…
British virgin islands London Office Opened in 2002, the BVI London Office represents the interests …
Best Collateral, Inc. Headquartered in San Rafael, California, Best Collateral opened its first stor…
Newton & Associates, Inc Newton & Associates Inc is a company that operates in the Accounting Servic…
Peter Glenn Ski Sport Peter Glenn Ski and Sport is a retailer of clothing and accessories for skiing…
Buanderie Centrale de Montreal BCM is a non-profit organization that, since 1979 , has offered laund…
The Agency Established in 1995, The Agency represents the most formidable list of writers, directors…
Leading Edge Specialized Dentistry Leading Edge Specialized Dentistry takes a modern approach to den…
Hammond Trucking & Excavation Hammond Trucking & Excavation Inc. is a family-owned and operated busi…
BH Aircraft Company, Inc. Serving the Aerospace and Aircraft Industries with leading edge technology…
My New Jersey Dentist At My New Jersey Dentist, we're committed to providing exemplary dental care f…
Town Counsel Law & Litigation Town Counsel Law & Litigation is a client-focused law firm concentrate…
Pembina Trails School Division Pembina Trails School Division serves the South West communities of W…
ORU Mabee Center ORU is a liberal arts university with programs for every interest, from business an…
TG3 Electronics TG3 Electronics, Inc. is a second-generation family-owned custom keyboard and electr…
The Chicano Federation The Chicano Federation is a leading nonprofit in the region and has worked to…
Sunflower Medical Group With only 7 days to spare, take the opportunity to bet on exclusive, unique,…
Montreal North Montreal North is a borough within the city of Montreal, Canada. It consists entirely…
T Smiles Dental T Smiles Dental has been a trusted dental practice in Tottenham since 2018.…
Avstar Fuel Systems AVStar was formed in 1999 to overhaul Marvel Schebler/Precision/Volare type floa…
Rutherford County Schools Rutherford County Schools is a school district based in Murfreesboro, Tenn…
Matlock Security Services With over 30 years of experience, Matlock Security has been protecting bus…
Goodwill North Central Texas You'll find a lot of personal employee information here, SQL databases …
Delmar International Delmar International Inc. was established as a family-run customs broker in Mon…
Vermilion Parish School System Vermilion Parish School Board is a school district headquartered in A…
Bishop Ireton High School Bishop Ireton High School, a Catholic preparatory high school located in h…
American Addiction Centers American Addiction Centers was founded in 2007. Since that time, we have …
Granite School District The Granite School District is a public school district spread across centra…
Fylde Coast Academy Trust Fylde Coast Academy Trust (FCAT) was established in 2012 by Fylde Coast Te…
Hope Valley Recovery Hope Valley Recovery is built around a non-judgmental, client-centered approach…
De Rose Lawyers We are a knowledgeable litigation firm with over 40 years of combined experience, so…
Easterseals Easterseals is leading the way to full equity, inclusion, and access through life-changi…
Henry County Schools We strive to provide our students and families access to the most skilled profe…
Microworks Microworks Point of Sale Prism offers an ideal computer system for pizza delivery, restau…
Axis Health System Axis Health System is a private, nonprofit healthcare organization established in…
Golden Age Nursing Home Golden Age Nursing Home is a Medicare-certified facility providing short- an…
Plastics Plus Since our founding in 1990, Plastics Plus has emerged as a leader in the plastic resin…
Shenango Area School District The Shenango Area School District is located in southern Lawrence Coun…
Daughterly Care Daughterly Care has been providing Consumer Directed Care for private clients for ov…
Greene Acres Nursing Home A recognized leader in the provision of superior rehabilitation and long t…
Port of Seattle/Seattle-Tacoma International Airport (SEA)…
Pennsylvania State Education Association PSEA is 178,000 members strong a community of education pro…
Stratford School Academy We are a mixed, all ability, and non-faith school. Our purpose is to educat…
White Mountain Backpacks White Mountain Backpacks has been responsible for innovative design in perf…
Corbally Gartland and Rappleyea Corbally, Gartland and Rappleyea, LLP is a full-service law firm bas…
Affordable Tools Our mission is to provide a positive buying experience offering low prices, fast sh…
Olympus Financial Olympus Financial is here to provide a smoother, faster, and more efficient mortga…
Waynesboro Nurseries Waynesboro Nurseries is a major wholesale supplier for the Eastern United State…
Sterling Rope Founded in 1992, Sterling Rope Company has established itself as a leader in designing…
Liberty Resources Liberty Resources, Inc., headquartered in Syracuse, New York, is one of Central Ne…
The Washington Times The Washington Times is an American conservative daily newspaper published in W…
The White Center Community Development Association The White Center CDA is a vibrant, evolving commu…
Moser Wealth Advisors Based in Bellevue, Washington, Moser Wealth Advisors is a regionally owned and…
Sumter County Sheriff The Sumter County Sheriff's Office is founded on the principles of integrity, …
Bayhealth Hospital Bayhealth is a technologically advanced not-for-profit healthcare system with nea…
Maryville Academy Maryville is a child care organization rooted in Catholic social teaching and dedi…
Ranney School Ranney School is unique in our area. We are the only Age 3 through Grade 12 independen…
Computer Networking Solutions Computer Networking Solutions, dba LightSpeed DataLinks (LDL) is a sma…
Community Care Alliance Community Care Alliance is a unified human service agency integrating resour…
Queens County Public Administrator There is a Public Administrator in every county in the City of Ne…
Law Offices of the Public Defender - New Mexico As the state's largest law firm, we represent low-in…
Gandara Center Gandara Center was founded in Springfield in 1977 to advocate and provide for equal a…
Goede, DeBoest & Cross, PLLC. Since its founding, the firm has grown to a mid-size law firm where th…
BrownWinick 1951, a tax-law specialty firm opened its doors in downtown Des Moines, Iowa. Its modest…
DRM Resources DRM Resources exists to create synergistic teams that unify diverse skill sets to envi…
Erivan Gecom Inc Founded in 1981 by Pierre Lajeunesse, the company was first known under the sole na…
Production Machine & Enterprises Since 1978, Production Machine & Enterprises (PM&E) has specialized…
CETOS Services CETOS Services AG is an integrated IT service provider specializing in software packa…
Kiemle-Hankins Kiemle-Hankins and Birclar have been leaders in industrial maintenance for over 80 ye…
California Rice Exchange California Rice is The Environmental Crop. Nearly 230 wildlife species rely…
Widdop & Co. Widdop Data System Program and SQL Databases for Sale!!!Widdop & Co, a family-owned who…
Surrey Place Healthcare & Rehabilitation Surrey Place Healthcare & Rehabilitation is a 74-bed Skille…
Unimed Vales do Taquari e Rio Pardo We are the largest healthcare cooperative in the world.…
Lopez Hnos Lopez Hnos is a leading company dedicated to offer a wide range of products in three busi…
Ministerio de Desarrollo Local The Ministry of Local Development is the government entity in charge …
Malaysian Industrial Development Finance MIDF, established in 1960 and based in Kuala Lumpur, is a f…
Seven Seas Technology Seven Seas Technology has chosen a collaborative, multi-cloud strategy that pu…
Kolbe Striping Kolbe Striping offers both durable and lasting pavement marking as well as temporary …
Brooks Tropicals Brooks Tropicals grows its popular Caribbean Red papayas in several Caribbean local…
Ann & Robert H. Lurie Children's Hospital of Chicago Ann & Robert H. Lurie Children's Hospital of Ch…
CNPC Peru S.A. CNPC Peru S.A., formerly known as Petrobras Energia Peru S.A., operates in the countr…
Lee Spring Lee Spring manufactures and distributes mechanical springs, wire forms, stampings and fou…
Aspiration Training Aspiration Training is an award-winning specialist training provider, delivering…
Abdali Hospital Abdali Hospital is a 200-bed multi-specialty hospital with the mission to provide be…
Tshwane University of Technology Tshwane University of Technology is a higher education institution …
Kauno Technologijos Universitetas KTU offers 5 study programmes in computer sciences.…
Insomniac Games Insomniac Games, Inc. is an American video game developer based in Burbank, Californ…
Qatar Racing and Equestrian Club Established in 1975 Qatar Racing and Equestrian Club is mandated wi…
Travian Games Travian Games is one of the world's leading PC games companies, based in Munich.…
King Edward VII's Hospital Unique files are presented to your attention! Data from the Royal Family…
Bangkok University Bangkok University has operated since 1962, is one of the oldest and largest priv…
NC Central University North Carolina Central University (NCCU), a distinguished institution nestled …
Energy China China Energy Engineering Corporation or Energy China, is a Chinese state-owned energy c…
St Edmund's College & Prep School Located in 400 acres of beautiful Hertfordshire countryside, St Ed…
British Library The British Library is a research library in London that is the national library of …
MHM Health MHM Health is dedicated to help our partner Independent Physician Associations remain ind…
Azienda Ospedaliera Universitaria Integrata di Verona The Verona Integrated University Hospital Comp…
Indah Water Konsortium Indah Water Konsortium, a company owned by Minister of Finance Incorporated, …
Mount St. Mary's Seminary Mount St. Mary's Seminary is the oldest division of the Athenaeum. The sem…
GO! Handelsschool Aalst GO! Handelsschool Aalst is een milieubewuste school in het centrum van Aalst…
Northwest Eye Care Professionals Serving Clackamas and the surrounding communities in Vancouver and …
Southern Arkansas University Southern Arkansas University offers personalized tour visits, faculty a…
Camara Municipal de Gondomar Discover Gondomar, a land of historical echoes, where the long history …
General Directorate of Migration of the Dominican Republic…
Federal University of Mato Grosso do Sul The Federal University of Mato Grosso do Sul, is a public u…
Istituto Prosperius Villa Cherubini reopens with a new facility within the Prosperius Institute heal…
Ministry Of Finance (Kuwait) Ministry of Finance is one of the governmental bodies of Kuwait and par…
Ort Harmelin College of Engineering Ort Harmelin College of Engineering is an innovative technologic…
Holon Institute of Technology HIT Holon Institute of Technology, is a well-established unique and mu…
Singing River Health System Singing River Health System is both a mission-driven provider of health …
Core Desktop Core Desktop is a Microsoft Tier 1 CSP Partner delivering key IT managed solutions that…
IT-Center Syd IT Center South is an operations center for an administrative IT service community con…
Prince George's County Public Schools Prince George's County Public Schools (PGCPS), one of the nati…
Pierce College Pierce College creates quality educational opportunities for a diverse community of l…
Municipality of Ferrara Ferrara is a city and comune in Emilia-Romagna, northern Italy, capital city…
National Institute of Social Services for Retirees and Pensioners…
Optimum Health Solutions Optimum Health Solutions is Australia's leading preventative health company…
United Tractors United Tractors is a heavy equipment distribution company headquartered in Jakarta, …
ESKA Erich Schweizer ESKA is a leading German manufacturer of all types of fuses and passive compone…
Rouzbeh Educational Complex The industry in which Rouzbeh Educational Complex operates is educationa…
University of Salerno The University of Salerno is a university located in Fisciano and in Baronissi…
Lumberton Independent School District Lumberton Independent School District is a public school distr…
Stephen F. Austin State University Stephen F. Austin State University is a public university in Naco…
IRIS Informatique IRIS Informatique is a team of experts with many areas of expertise: Helpdesk, IT …
ICT-College ICT-College's experienced staff are always available to help and answer questions. Mo…
Caterham High School Caterham High is a community school that serves a richly diverse area of East L…
The Big Life group Big Life is in the business of changing lives. We fight inequality by working wit…
Citta Nuova Citta Nuova is an Italian publishing house established in Rome in 1959. More…
Kenya Bureau Of Standards The Kenya Bureau of Standards (KEBS) has remained the premier government a…
Ayuntamiento de Arganda City Council Located in the southeast of the Community of Madrid, 25 kilomet…
Hollywood Forever Hollywood Forever is a full-service funeral home, crematory, cemetery, and cultura…
BM GROUP POLYTEC S.p.A. Polytec is the merger of two leading companies in automation, robotics , ren…
Enfield Grammar School Enfield Grammar School is a boys' Comprehensive school and sixth form with ac…
Western National Group Experts in the Western US multifamily real estate industry, Western National …
Alberta Newsprint Founded in 1989, Alberta Newsprint is a manufacturer of premium newsprint and high…
Hochschule Kaiserslautern The Kaiserslautern University of Applied Sciences is a Hochschule (Univers…
Fassi Gru S.p.A. Fassi Gru S.p.A. - Loader cranes manufacturer since 1965. Fassi Gru is the market l…
Ziegelwerk Eder In 1996, the Upper Austrian family company EDER built a state-of-the-art brick facto…
Koper Automatisering Koper Automatisering specializes in the development of specialized software for…
Paris High School Paris High School is a learning community dedicated to developing well-rounded, pr…
Northeastern State University Northeastern State University is a public university with its main cam…
Ejercito de Chile The Army of Chile is the branch of the Armed Forces of Chile in charge of the land…
Haemokinesis Haemokinesis specializes in research and development, laboratory systems, sales and dis…
Amstutz Produkte AMSTUTZ PRODUKTE AG is a leading Swiss manufacturer of chemicals and technical equi…
The Thomas Hardye School The Thomas Hardye School is a secondary academy school in Dorchester, Dorse…
Collectivite Territoriale de Martinique The territorial collectivity of Martinique is a single Frenc…