Rhysida
(Active)
Decryptor Available
Yes
Description
This entry is under construction. However, we have included some details below.
Ransomware Type
Crypto-Ransomware
First Seen
Threat Actors
Tipo
Actor
Cybergroup
Rhysida
Extortion Links
Medio
Link
TOR
http://rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion
TOR
http://rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion
Extortion Types
Direct Extortion
Double Extortion
Communication
Medio
Identificativo
Email
rhysidaofficial@onionmail.org
Email
rhysidaeverywhere@onionmail.org
Encryption
Type
Hybrid
Files
ChaCha20
Key
RSA-4096-OAEP
Additional Encryption
AES-256-ECB (CHC)
File Extension
<file name>.rhysida
Ransom Note Name
CriticalBreachDetected.pdf
Ransom Note Image
Samples (SHA-256)
a864282fea5a536510ae86c77ce46f7827687783628e4f2ceb5bf2c41b8cd3c6
Decryptors
References & Publications
Korea Internet & Security Agency: A Method for Decrypting Data Infected with Rhysida Ransomware
Secplicity: Scratching the Surface of Rhysida Ransomware