Rhysida Ransomware Hits The Washington Times, $300K Ransom Demanded
Rhysida Ransomware Group Targets The Washington Times in Major Cyberattack
The Washington Times, a prominent American conservative newspaper, has recently fallen victim to a ransomware attack orchestrated by the Rhysida group. The attack has resulted in the compromise of sensitive data, including Social Security Numbers and driving licenses, with the hackers demanding a ransom of 5 Bitcoin, approximately $300,000, by August 21st.
About The Washington Times
Founded in 1982 by Rev. Sun Myung Moon, The Washington Times is known for its conservative perspective on news and commentary, particularly in politics and culture. The newspaper aims to provide a counter-narrative to mainstream media, focusing on American values such as freedom, faith, and family. Operating under TWT Holdings, LLC, the company employs around 91 people and publishes five days a week in print, maintaining an active online presence.
Attack Overview
The Rhysida ransomware group has claimed responsibility for the attack via their dark web leak site. The cybercriminals have provided a sample of the compromised data to substantiate their claims. The attack has raised significant concerns about the security measures in place at The Washington Times, given the sensitive nature of the data involved.
About Rhysida Ransomware Group
First sighted in May 2023, the Rhysida ransomware group has quickly made a name for itself in the cybercrime arena. The group primarily targets sectors such as education, healthcare, manufacturing, and government. Rhysida employs a double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. The ransomware is written in C++ and uses the ChaCha20 encryption algorithm, with ransom notes generated as PDF documents named “CriticalBreachDetected.pdf”.
Penetration and Vulnerabilities
Rhysida typically gains initial access through phishing campaigns and by leveraging valid credentials. Once inside a network, the group uses tools like Advanced IP/Port Scanner and Sysinternals PsExec for lateral movement and deployment of the ransomware. The Washington Times, like many media organizations, may have been vulnerable due to the high volume of sensitive data they handle and the constant need for connectivity, making them an attractive target for ransomware groups.
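The indicators named above (the ransom note file name, PsExec and the network scanners) can be correlated per host in endpoint telemetry. The Python below is an added example, not code from this article or from Halcyon; the event fields, the executable file names, the 24-hour window and the severity labels are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Indicators named in the article; the executable file names are assumed defaults.
RANSOM_NOTE = "criticalbreachdetected.pdf"
SCANNERS = {"advanced_ip_scanner.exe", "advanced_port_scanner.exe"}
PSEXEC = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}
WINDOW = timedelta(hours=24)  # assumed correlation window

def classify(event):
    """Map one event to a behaviour tag, or None if it is not of interest."""
    name = PureWindowsPath(event["path"]).name.lower()
    if event["type"] == "file_create" and name == RANSOM_NOTE:
        return "ransom_note"
    if event["type"] == "process_create":
        return "scanner" if name in SCANNERS else "psexec" if name in PSEXEC else None
    return None

def hunt(events):
    """Return {host: severity} from per-host correlation of tagged events."""
    seen = defaultdict(list)
    for ev in events:
        tag = classify(ev)
        if tag:
            seen[ev["host"]].append((datetime.fromisoformat(ev["time"]), tag, ev["path"]))
    findings = {}
    for host, hits in seen.items():
        note_dirs = {PureWindowsPath(p).parent for _, t, p in hits if t == "ransom_note"}
        scans = [ts for ts, t, _ in hits if t == "scanner"]
        psexecs = [ts for ts, t, _ in hits if t == "psexec"]
        if note_dirs:  # assumed heuristic: notes in several directories rank higher
            findings[host] = "critical" if len(note_dirs) > 1 else "high"
        elif any(abs(p - s) <= WINDOW for p in psexecs for s in scans):
            findings[host] = "medium"  # scanning plus remote execution, no note yet
        elif scans or psexecs:
            findings[host] = "low"     # dual-use admin tool seen on its own
    return findings

# Constructed sample telemetry (not data from the incident).
SAMPLE = [dict(zip(("host", "time", "type", "path"), row)) for row in [
    ("ws01", "2024-08-01T09:00:00", "process_create", r"C:\Tools\advanced_ip_scanner.exe"),
    ("ws01", "2024-08-01T10:30:00", "process_create", r"C:\Windows\PSEXESVC.exe"),
    ("fs01", "2024-08-01T11:00:00", "file_create", r"D:\Shares\HR\CriticalBreachDetected.pdf"),
    ("fs01", "2024-08-01T11:00:05", "file_create", r"D:\Shares\Finance\CriticalBreachDetected.pdf"),
    ("ws02", "2024-08-01T12:00:00", "process_create", r"C:\Admin\PsExec.exe"),
]]
```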
Implications and Next Steps
The attack on The Washington Times underscores the growing threat posed by ransomware groups like Rhysida. As the deadline for the ransom approaches, the newspaper faces critical decisions on how to respond to the cybercriminals' demands while safeguarding their data and reputation.