Question: I haven’t read about as many ransomware attacks in the news in recent months. As a healthcare practice, should we keep training our staff to stay ahead of ransomware and other cybersecurity threats? Idaho Subscriber Answer: Yes, you should absolutely keep training and educating your staff about ransomware and other cybersecurity threats. Staying proactive about your practice’s cyber protection should be on the top of everyone’s mind in your healthcare practice. In fact, the Health Sector Cybersecurity Coordination Center (HC3) issued a sector alert on Aug. 4, 2023, warning against a new ransomware-as-a-service (RaaS) group, known as Rhysida. The RaaS group was first observed on May 17, 2023, after its victim support chat portal, which is hosted by TOR (.onion), started appearing. According to HC3, Rhysida mainly attacks “education, government, manufacturing, and technology and managed service provider sectors; however, there have been recent attacks against the Healthcare and Public Health (HPH) sector.” The group has primarily attacked different industries in North and South America, Western Europe, and Australia.
Rhysida launches its ransomware attacks in several different ways, but the main methods include using phishing attacks to breach target networks or deploy payloads on accessed systems after unleashing a Cobalt Strike. The ransomware is designed to encrypt certain files on a system, and the filename extension changes to “.rhysida” once the file is encrypted. After encryption occurs, the ransomware places PDF ransom notes in the affected folders. The ransom notes threaten the victim with “public distribution of the exfiltrated data,” writes HC3. Rhysida instructs victims to contact the group through its TOR-based portal, and the group accepts ransom payments solely in Bitcoin. According to HC3, Rhysida has added at least eight victims to its dark web, data leak site since June 2023, with five victims’ data being published. The sector alert offers several security recommendations to protect your organization against Rhysida ransomware. Some of the proactive measures proposed by HC3 include: