Hammond Trucking & Excavation Inc., a U.S.-based company providing excavation and trucking services in the Cooper Landing to Nikiski area, has fallen victim to a RHYSIDA ransomware attack.
The incident underscores the growing threat posed by this ransomware group, which has targeted various industries worldwide.
RHYSIDA employs a double extortion tactic, encrypting victims’ data and threatening to release it publicly unless a ransom is paid in Bitcoin.
The attack on Hammond Trucking & Excavation Inc. is part of a broader pattern of operations by RHYSIDA, which has been active since early 2023.
The group is known for its sophisticated techniques, including phishing attacks for initial access and lateral movement using tools like Cobalt Strike and PsExec.
RHYSIDA’s Modus Operandi
According to the post from FalconFeeds.io, RHYSIDA ransomware operates as a ransomware-as-a-service (RaaS) platform, enabling affiliates to execute attacks on organizations.
![](https://cyberpress.org/wp-content/uploads/2025/02/image-38.png)
The group typically begins with phishing emails containing malicious links or attachments to gain access to networks.
Once inside, they escalate privileges, disable antivirus programs, and exfiltrate sensitive data before encrypting files using a combination of RSA and ChaCha20 algorithms.
One of RHYSIDA’s distinguishing features is its use of PDF ransom notes and a Tor-based victim support portal where victims are instructed to pay ransoms in Bitcoin.
The group also deletes shadow copies of files to prevent recovery efforts.
In addition to targeting critical infrastructure sectors like healthcare and education, RHYSIDA has attacked various corporate entities, including Hammond Trucking & Excavation Inc., highlighting its indiscriminate approach.
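The behaviours described above (remote execution with PsExec, disabling antivirus, deleting shadow copies) leave process-creation traces that a defender can correlate per host. The following is an added example, not part of the original article or of any advisory: the events are constructed, and the command-line patterns are common Windows forms of these behaviours assumed for illustration, not indicators taken from this incident.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events: (timestamp, host, parent image, command line).
# Shaped like Sysmon Event ID 1 / Windows 4688 fields; not data from the incident.
EVENTS = [
    ("2025-02-10T02:11:05", "FS01", "C:\\Windows\\PSEXESVC.exe", "cmd.exe /c whoami"),
    ("2025-02-10T02:14:40", "FS01", "C:\\Windows\\System32\\cmd.exe",
     "powershell Set-MpPreference -DisableRealtimeMonitoring $true"),
    ("2025-02-10T02:19:12", "FS01", "C:\\Windows\\System32\\cmd.exe",
     "vssadmin.exe Delete Shadows /All /Quiet"),
    ("2025-02-10T09:30:00", "WS07", "C:\\Windows\\System32\\cmd.exe", "vssadmin list shadows"),
    ("2025-02-10T03:00:00", "BK02", "C:\\Windows\\System32\\cmd.exe", "wmic shadowcopy delete"),
]

# Behaviour name -> (event field to inspect, pattern). Patterns are assumptions.
RULES = {
    "remote_exec": ("parent", re.compile(r"\\psexesvc\.exe$", re.I)),
    "av_tamper": ("cmd", re.compile(
        r"set-mppreference\b.*-disablerealtimemonitoring\s+(\$true|1)", re.I)),
    "shadow_delete": ("cmd", re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
}

def correlate(events, window=timedelta(minutes=30)):
    """Return {host: (severity, precursor behaviours)} for shadow-copy deletions."""
    hits = defaultdict(list)  # host -> [(time, behaviour)]
    for ts, host, parent, cmd in events:
        fields = {"parent": parent, "cmd": cmd}
        for name, (field, rx) in RULES.items():
            if rx.search(fields[field]):
                hits[host].append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for when, name in seen:
            if name != "shadow_delete":
                continue
            # Other matched behaviours on the same host shortly before the deletion
            prior = {n for t, n in seen
                     if n != "shadow_delete" and timedelta(0) <= when - t <= window}
            alerts[host] = ("critical" if prior else "high", sorted(prior))
    return alerts

if __name__ == "__main__":
    for host, (severity, prior) in sorted(correlate(EVENTS).items()):
        print(host, severity, prior)
```

A shadow-copy deletion on its own is rated high; the same deletion shortly after PsExec-spawned activity or antivirus tampering on that host is rated critical, which is the ordering the article describes before encryption.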
Mitigation and Response
The attack on Hammond Trucking & Excavation Inc. serves as a reminder for organizations to strengthen their cybersecurity defenses.
Experts recommend implementing robust email security measures to prevent phishing attacks, regularly updating software to patch vulnerabilities, and maintaining offline backups of critical data.
U.S. agencies like the Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories on RHYSIDA’s tactics, techniques, and procedures (TTPs), urging organizations to remain vigilant against ransomware threats.
Furthermore, South Korean researchers recently identified vulnerabilities in RHYSIDA’s code, leading to the development of automated decryption tools that could assist affected entities in recovering their data without paying ransoms.
As ransomware attacks continue to evolve, incidents like this highlight the urgent need for proactive measures and international collaboration to combat cybercrime effectively.