The Rhysida ransomware group and Vice Society have been found to share tactical similarities in their targeting of the education and healthcare sectors. While Vice Society uses various commodity ransomware payloads and engages in extortion-themed attacks, Rhysida relies on phishing attacks and Cobalt Strike to breach networks. Both groups use lateral movement techniques such as Remote Desktop Protocol (RDP) and remote PowerShell sessions, as well as backdoors like SystemBC for command-and-control. They also erase logs and initiate domain-wide password changes to cover their tracks. Rhysida has predominantly attacked the education, government, manufacturing, and technology sectors, but recent attacks have been seen in the healthcare industry. The emergence of Rhysida coincides with the disappearance of Vice Society, indicating a possible correlation between the two groups. Both groups share common victimology footprints, with education being a major target. The tactics, techniques, and procedures (TTPs) used by these ransomware actors remain largely unchanged.