Rhysida Ransomware Group Strikes: CDSHotels Held for Ransom
Ransomware Attack on CDSHotels by Rhysida Group
Attack Overview
A prominent hospitality company based in Italy, CDSHotels, has recently fallen victim to a ransomware attack by the Rhysida group. The attackers have demanded a ransom of 7 BTC (approximately $450,000) to provide the decryption key. The breach involved the exfiltration of various sensitive documents, including Personally Identifiable Information (PII), invoices, and other data.
Company Profile
CDSHotels operates a range of hotels and resorts in the picturesque regions of Puglia and Sicily, Italy. With over 30 years in the hospitality industry, the company employs between 201 and 500 individuals. Known for its unique accommodations and attention to detail, the company specializes in providing all-inclusive experiences, wellness centers, and local cuisine, making it a distinguished player in the hospitality sector.
Vulnerabilities and Security Insights
The attack on the company underscores potential vulnerabilities within the hospitality industry, which handles vast amounts of guest data. The breach involved compromised credentials and external surface attacks, which shows how essential strong cybersecurity protocols are for protecting sensitive information and systems from sophisticated threat actors like Rhysida.
Details of the Rhysida Ransomware Group
The Rhysida Ransomware Group, active since May 2023, targets various sectors including healthcare, education, and government. Employing double extortion tactics, Rhysida threatens to publish stolen data unless a ransom is paid. This group is known for its use of the ChaCha20 encryption algorithm and a sophisticated method of attack involving phishing campaigns and the exploitation of network vulnerabilities.