The Rhysida Ransomware Group [1] [2] [3], established in May 2023, has been targeting critical infrastructure and prestigious public institutions in the UK, Europe [1] [2], and the Middle East [1] [2], victimizing 77 companies and public institutions in less than nine months [2].


Recent targets of the Rhysida Ransomware Group include hospitals, power plants [1] [2], schools [1] [2], and other important public institutions. eSentire’s Threat Response Unit has verified the authenticity of the victims listed on Rhysida’s dark web leak site [1] [2]. The group operates as a Ransomware-as-a-Service provider [1] [2], leasing its tools and infrastructure to affiliates who share in the ransom collected from victims [1] [2]. In August 2023 [3], the healthcare sector was specifically targeted, with Prospect Medical Holdings being the most affected organization [3]. The hackers claimed to have accessed sensitive data such as social security numbers, passports [3], driver’s licenses [3], patient medical records [3], and financial and legal documents [3].


The Rhysida Ransomware Group's attacks on critical infrastructure and public institutions have a significant impact and put data security and privacy at risk. Organizations need to strengthen their cybersecurity measures to mitigate the threat of ransomware attacks. Attacks like these underline the importance of proactive cybersecurity strategies for safeguarding sensitive information and preventing further breaches.