The Rhysida ransomware group has reportedly claimed responsibility for hacking Abdali Hospital, a multi-specialty healthcare facility in Jordan, and has added it to the list of victims on its Tor leak site. The group has published images of stolen documents, including ID cards and contracts, as proof of the hack. As part of their modus operandi, the ransomware operators plan to auction the stolen data for 10 BTC, emphasizing that they will sell it to a single buyer and publicly release the data over the following seven days.
The Rhysida ransomware group has been active since May 2023, targeting organizations across various sectors. The recent attack on Abdali Hospital follows the group’s claims of hacking King Edward VII’s Hospital in London, the British Library, and China Energy Engineering Corporation. The group has actively targeted victims across industries, including education, healthcare, manufacturing, information technology, and government sectors, characterizing its victims as “targets of opportunity.”
The FBI and CISA issued a joint Cybersecurity Advisory (CSA) warning of Rhysida ransomware attacks as part of the ongoing #StopRansomware effort. The advisory provides information on the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the ransomware group. The Rhysida ransomware gang has adopted a strategy of auctioning stolen data, demanding payment in cryptocurrency, and limiting the sale to a single buyer to maximize profits and control the dissemination of sensitive information. This approach is intended to create urgency and pressure on the targeted organizations to pay the ransom.
The group’s recent activities underscore the evolving and sophisticated nature of ransomware threats, prompting heightened cybersecurity measures and collaboration among law enforcement agencies to mitigate the impact of such attacks.