The ransomware threat is a major issue in cybersecurity today and is currently one of the most common and damaging attacks targeting organisations across the globe. 

Such attacks have proved to be highly profitable for cybercriminals and usually lead to serious consequences, such as financial loss, data loss, production and operational downtime, and damage to the victim's reputation.
This report focuses on the Rhysida ransomware, which emerged in May 2023 and impacted over sixty victims in the space of five months. 

The threat actor behind the Rhysida ransomware operates as a Ransomware-as-a-Service (RaaS), as they provide the ransomware as well as the infrastructure and split the profits between the group and affiliates. Moreover, while continuing to compromise numerous victims, the group is steadily developing its ransomware. 

The first version was an unsophisticated piece of malware with very verbose execution, but it has now improved functionalities, including a variant for Linux ESXi operating systems.

Discover more with Thales Cyber Threat Intelligence Report!