• Home
  • News
  • Rhysida Ransomware Targets Germany and the US

Rhysida Ransomware Targets Germany and the US

Bogdan Pătru

By Bogdan Pătru . 17 June 2024

Tech Writer

Alex Popa

Fact-Checked this

Rhysida hackers announced 2 victims today, Production Machines & Enterprises from the US and CETOS Services from Germany. The hackers didn’t mention how much data they’ve managed to steal in their original post.

  • According to the hackers’ own statements, they already sold the stolen data
  • The victims haven’t commented on the breaches publicly, but it’s presumed that they’ve refused any negotiations with the hackers
  • Rhysida has been active since May 2023, when they produced their first victims
  • There is no data on the gang’s preferred victimology, as they appear to target companies from all walks of life

Rhysida advertises its actions as ‘humanitarian.’ The gang presents itself as a ‘cybersecurity team’ whose main goal is to help institutions strengthen their cyber-defenses. And they supposedly achieve that by breaching into their systems.

Presumably, this is done to expose system vulnerabilities that the victim may not be aware of. They also offer tips and assistance with boosting the victim’s defenses. After the victim pays the ransom, of course.

That’s because Rhysida will not only breach the victim’s system, but steal sensitive data in the process as well. If the victim doesn’t pay, that is. Naturally, this is not a novel or inventive strategy.

X showing the Rhysida ransomware attack on the two companies

Several other ransomware gangs resort to the same tactics, typically because they make the victim more likely to pay. Today’s targets didn’t feel like falling for that shtick.

This means that the hackers had to sell the data on the black market to make a profit. This can open a new can of worms, given that other cybercriminal groups now have access to the victims’ data.

Should You Pay the Ransom?

The answer might seem obvious at first, but it’s not. Most will refuse to pay the ransom, but many do. Which is why ransomware gangs are still in business and growing by the year. So, what should you do if you get breached? Pay or not pay?

Let’s see where each option can get you.

If you pay:

  • The hackers will provide the decryptor to restore access to your system
  • The hackers will mark you as vulnerable, so they’ll most likely hit you again in the future
  • The hackers will often keep the stolen data and share or sell it to other cybercriminal gangs
  • Other ransomware actors will target you because you now have a history of paying the ransom
  • You incentivize the hackers to stay in business

If you don’t pay:

  • The hackers won’t provide the decryptor; you’ll either need to find ways to remove the encryption on your own or simply reset and lose everything
  • The hackers will sell your data on the Dark Web, but they’ll most likely do that if you pay too
  • Refusing to pay will make it more difficult for hackers to continue their activity

Ultimately, there’s no right or wrong decision. It all depends on your business’ profile, lost assets, and any legal battles that may arise due to the breach itself. In many cases, data leaks resulting from ransomware attacks can have unexpected consequences.

This explains why many victims prefer to pay the ransom and buy the hackers’ silence, than have the data leak publicly.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment