AdvisoryAdvisoriesCISAAA23-319A

November 15, 2023

#StopRansomware: Rhysida Ransomware

November 15, 2023

What we know so far

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly issued a Cybersecurity Advisory to alert about the emerging Rhysida ransomware. This ransomware, active since May 2023, primarily targets sectors like education, healthcare, manufacturing, IT, and government. The advisory, part of the #StopRansomware initiative, provides detailed information on the tactics, techniques, and procedures (TTPs) of Rhysida, as well as indicators of compromise (IOCs) based on recent investigations. It also encourages organizations to follow recommended mitigation strategies to reduce the risk and impact of Rhysida and other ransomware threats.

Arrow Right

Schedule a test

Our insights

Protect your endpoints

Subscribe to alerts

November 15, 2023

Insights by Prelude

Rhysida ransomware actors have been known to exploit the Zerologon vulnerability (CVE-2020-1472) in Microsoft’s Netlogon Remote Protocol and use phishing attacks to infiltrate and persist within a network. The ease of exploitation involved with this vulnerability - a simple request to a specific vulnerable protocol - underscores the importance of automatic patching. At many organizations, especially larger ones, upgrading software is a manual and time-consuming process. Each upgrade carries a certain amount of risk, as the change set may be incompatible with other critical applications on the system. However, it is possible to establish a process of safe automated patching - and setting one up should be a top priority.

See if you are protected against this advisory

Arrow Right

Schedule a test with Prelude

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories

AdvisoryAdvisoryCISAAA24-207A

July 25, 2024

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

AdvisoryAdvisoryCISAAA24-193A

July 11, 2024

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

AdvisoryAdvisoryCISAAA24-190A

July 9, 2024

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

See all advisories

Arrow Right
Solutions
For Detection & Response TeamsFor CISOs
Platform
DetectCrowdStrike
Company
AboutCareersBlogAdvisoriesResourcesCommunityPress
Book a Demo

©2024 Prelude Research, Inc. All rights reserved.
Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Cookies

Happening Soon: CTI to Assurance: Automating Proactive Threat Management With Prelude Detect
Save Your Seat
Arrow Right