California Rice Exchange, Inc. Hit by Rhysida Ransomware Attack

Incident Date: June 8, 2024


Overview

Victim: California Rice Exchange, Inc.

Attacker: Rhysida

Location: Sacramento, USA; California, USA

First Reported: June 8, 2024

Rhysida Ransomware Group Targets California Rice Exchange, Inc.

Overview of the California Rice Exchange, Inc.

The California Rice Exchange, Inc. (CRE) is a pivotal entity in the California rice industry, operating a cash market trading floor for paddy rice. Founded in 2014 and headquartered in Yuba City, California, CRE facilitates direct transactions between rice producers and buyers through an online platform. With an estimated annual revenue of $4.4 million and a workforce of around 11 employees, CRE stands out by providing an efficient alternative to traditional rice-marketing pools.

Details of the Ransomware Attack

Recently, the Rhysida ransomware group has claimed responsibility for a cyberattack on the California Rice Exchange, Inc. The attack has severely disrupted CRE's operations, with the group threatening to publish the exfiltrated data within seven days. This incident underscores the vulnerabilities faced by small to medium-sized enterprises in the agricultural sector, particularly those relying heavily on digital platforms for their operations.

Profile of the Rhysida Ransomware Group

First identified in May 2023, the Rhysida ransomware group has rapidly gained notoriety for targeting sectors such as education, healthcare, manufacturing, and government. The group employs a double extortion technique, encrypting data and threatening to release it unless a ransom is paid. Rhysida's ransomware is written in C++ and utilizes the ChaCha20 encryption algorithm. The group often gains initial access through phishing campaigns and leverages valid credentials to infiltrate networks.

Potential Vulnerabilities and Attack Vectors

Given CRE's reliance on an online trading platform, the organization is particularly susceptible to cyber threats. The Rhysida group likely exploited vulnerabilities in CRE's network security, possibly through phishing emails or compromised credentials. Once inside, the attackers used tools like PsExec for lateral movement and encrypted critical data, leaving a ransom note in the form of a PDF document.

Impact on the California Rice Exchange

Undoubtedly, the ransomware attack has had a significant impact on CRE, disrupting its ability to facilitate rice transactions and potentially compromising sensitive data. The threat of data publication adds further pressure, as it could harm the organization's reputation and financial standing.
