A London-based talent agency recently reported a cybersecurity incident to the UK’s Information Commissioner’s Office (ICO) after the Rhysida ransomware group claimed responsibility for an attack. The agency, known for representing high-profile clients in the film, TV, and theatre industries, including Sam Mendes and Emma Thompson, refused to comment on the claims. However, it confirmed informing the ICO, which is now investigating the incident. The agency’s decision to report to the ICO does not necessarily indicate a major data breach, but it could suggest a significant security impact on individuals’ rights and freedoms.
Rhysida ransomware, notorious for high-profile attacks, reportedly stole sensitive data from the agency, including passport scans and internal documents. The group has threatened to sell the stolen data for seven bitcoins, roughly $678,000, on its dark web site. Rhysida’s history includes notable attacks, such as the disruption of the British Library in 2023, where recovery costs soared to £1.6 million. Despite being less prolific than other groups like RansomHub or Akira, Rhysida’s attacks often gain media attention due to their high-profile nature.
Rhysida’s auction for the stolen data set to close soon, indicating the urgency of the situation. The agency faces an impending ransom deadline, which could determine whether it pays to prevent the data from being sold. While not the largest ransomware group in terms of volume, Rhysida has a reputation for orchestrating impactful attacks that can disrupt major institutions. The British Library, which did not pay the ransom in its case, had to bear significant recovery costs, serving as a warning to other organizations targeted by the group.
In light of the rising ransomware threat, experts recommend organizations follow cybersecurity best practices such as patching vulnerabilities, enabling multi-factor authentication (MFA), and strengthening overall security infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance following the British Library incident, urging defenders to focus on credential abuse prevention and system hardening. Basic security measures are essential in mitigating the risk posed by ransomware groups like Rhysida.
Reference:
