Security News > 2023 > November > FBI and CISA warn of opportunistic Rhysida ransomware attacks
The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors.
"Threat actors leveraging Rhysida ransomware are known to impact 'targets of opportunity,' including victims in the education, healthcare, manufacturing, information technology, and government sectors," the two agencies noted.
Rhysida malicious actors are known for phishing attacks and exploiting Zerologon, a critical vulnerability enabling Windows privilege escalation within Microsoft's Netlogon Remote Protocol.
The FBI and CISA add that affiliates associated with the Vice Society ransomware group, tracked by Microsoft as Vanilla Tempest or DEV-0832, have transitioned to using Rhysida ransomware payloads during their attacks.
Network defenders are advised to apply mitigations outlined in today's joint advisory to minimize the likelihood and severity of ransomware incidents like Rhysida.
FBI shares AvosLocker ransomware technical details, defense tips.
News URL
Related news
- CISA and FBI: Ghost ransomware breached orgs in 70 countries (source)
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- Only 13% of organizations fully recover data after a ransomware attack (source)
- Ransomware attack at New York blood services provider – donors turned away during shortage crisis (source)
- Ransomware attack disrupts New York blood donation giant (source)
- Indian tech giant Tata Technologies hit by ransomware attack (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)