Ransomware gang claims responsibility for recent hacking incident against conservative newspaper The Washington Times
08/19/2024 // Laura Harris

A newly identified ransomware gang has claimed responsibility for hacking conservative media outlet The Washington Times and is now threatening to auction off the stolen data.

The group, known as Rhysida, is notorious for its "ransomware as a service" operations, a process by which the group leases its malware to cybercriminals and receives a share of all proceeds from ransom payments.

The malware deployed by Rhysida and similar gangs usually renders a targeted organization's computers inaccessible; the gang then demands a ransom, often in cryptocurrency, to unlock the files. In other instances, gangs use a tactic known as "double extortion," in which they also steal data and threaten to release it online to increase pressure on their victims.

These gangs often leave their "calling card" in a brand name attached to encrypted file names.

According to American cybersecurity firm Secureworks, Rhysida emerged from a criminal operation established in 2021, previously known as Gold Victor, which operated a ransomware scheme called Vice Society. Rebranding is common among ransomware gangs when their existing "brand" becomes too notorious.

Rhysida announced the hack of The Washington Times on Aug. 13 in a post on its dark web site, declaring that the information would be sold to the highest bidder in one week.

"With just seven days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data," Rhysida posted. "Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!"

The starting price for the data has been set at five bitcoins, which as of press time is worth approximately $296,259. The group did not provide specific details on the contents of the stolen data, but a screenshot posted by Rhysida to prove the data breach included scans of several documents, including a Social Security card and a driver's license from Texas.

The ransom notes, titled "CriticalBreachDetected," provided a unique code and instructions to contact the group via a specialist web browser that makes communications untraceable. Cybersecurity analyst Dominic Alvier notes that the screenshot provided by Rhysida did not contain critical data beyond personal information likely linked to an employee.

U.S. agencies already warned the public about the dangers of Rhysida in 2023

In November 2023, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center released a joint cybersecurity advisory (CSA) warning that, since May 2023, Rhysida has been targeting organizations in various sectors, including education, healthcare, manufacturing, information technology and even the government.

The agencies reported that Rhysida and affiliated gangs gain access to systems via virtual private networks or phishing attacks. Once inside, they typically remain undetected long enough to steal confidential data from victims' servers.

"Rhysida actors have been observed leveraging external-facing remote services to initially access and persist within a network," the CSA states. "Remote services, such as virtual private networks (VPNs), allow users to connect to internal enterprise network resources from external locations. Rhysida actors have commonly been observed authenticating to internal VPN access points with compromised valid credentials [T1078], notably due to organizations lacking MFA enabled by default."

"Additionally, actors have been observed exploiting Zerologon (CVE-2020-1472)—a critical elevation of privileges vulnerability in Microsoft’s Netlogon Remote Protocol [T1190]—as well as conducting successful phishing attempts [T1566]," the CSA further stated.
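The access pattern the CSA describes (valid credentials accepted at a VPN access point with no MFA) can be looked for in VPN authentication logs. The following Python is an added example, not part of the advisory or the original article; the key=value log format, field names and sample events are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical key=value log format.
SAMPLE_LOG = """\
2024-08-01T08:02:11Z user=alice src=203.0.113.10 result=success mfa=yes
2024-08-02T08:05:40Z user=alice src=203.0.113.10 result=success mfa=yes
2024-08-02T09:13:02Z user=svc_backup src=198.51.100.7 result=success mfa=no
2024-08-03T02:44:19Z user=bob src=192.0.2.55 result=failure mfa=no
2024-08-03T02:47:51Z user=bob src=192.0.2.55 result=success mfa=no
2024-08-04T08:01:00Z user=alice src=192.0.2.200 result=success mfa=yes
"""

def parse_line(line):
    """Split one event into a dict; the first token is the timestamp."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs if "=" in p)
    event["ts"] = ts
    return event

def audit_vpn_logins(log_text):
    """Flag successful VPN logins that lacked MFA, came from a source not
    seen before for that account, or followed failed attempts."""
    seen_sources = defaultdict(set)     # user -> sources of earlier successes
    recent_failures = defaultdict(int)  # user -> failures since last success
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        user, src = ev["user"], ev["src"]
        if ev["result"] != "success":
            recent_failures[user] += 1
            continue
        reasons = []
        if ev.get("mfa") != "yes":
            reasons.append("no-mfa")  # the gap the CSA calls out
        if seen_sources[user] and src not in seen_sources[user]:
            reasons.append("new-source")
        if recent_failures[user]:
            reasons.append("after-failures")
        if reasons:
            findings.append((ev["ts"], user, src, reasons))
        seen_sources[user].add(src)
        recent_failures[user] = 0
    return findings

if __name__ == "__main__":
    for finding in audit_vpn_logins(SAMPLE_LOG):
        print(finding)
```
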


Sources include:

Dailydot.com

TheGuardian.com

CISA.gov [pdf]

Brighteon.com


