The Rhysida Ransomware gang, a notorious group known for their file-encrypting malware, has announced that they will be selling data stolen from The Washington Times’ servers for $304,500 in Bitcoin within a week.
This indicates that the gang had previously encrypted the servers of the conservative newspaper and has now decided to monetize the stolen information by listing it on the dark web. The move raises speculation that the group might be using the name of an American newspaper to attract international media attention.
It remains uncertain whether the data being advertised genuinely belongs to The Washington Times. Only time will reveal the accuracy of these claims.
Named after a centipede and typically focused on healthcare-related networks, Rhysida has been a significant concern for national infrastructure. In November 2023, CISA and the FBI issued a joint advisory warning of imminent threats from the Rhysida group. Further investigation by cybersecurity firm Sophos revealed that the Vice Society gang is behind Rhysida, operating as a business that offers malware as a service.
Given that Rhysida communicates in Russian, it is likely that they are funded by Kremlin intelligence, making their extradition highly unlikely unless the Russian government chooses to intervene. This same group has also been linked to the British Library cyber attack and the data breaches involving Insomniac Games.
Ad