Daughterly Care Hit by Ransomware Attack from Rhysida Group

Incident Date: September 22, 2024

Overview

Title: Daughterly Care Hit by Ransomware Attack from Rhysida Group

Victim: Daughterly Care

Attacker: Rhysida

Location: Narrabeen, Australia

First Reported: September 22, 2024

Ransomware Attack on Daughterly Care by Rhysida

Daughterly Care, a leading provider of in-home aged care services based in Sydney, Australia, has recently fallen victim to a ransomware attack orchestrated by the notorious ransomware group Rhysida. The breach was discovered on September 23, 2024, and the extent of the data leak remains unknown at this time.

About Daughterly Care

Established in 1998, Daughterly Care Pty Ltd has built a strong reputation over its 26 years of operation, focusing on delivering high-quality care for the elderly. The company specializes in high care and dementia care, with over 82% of its services catering to clients with chronic conditions such as Parkinson’s disease, multiple sclerosis (MS), and motor neuron disease (MND). It employs around 42 individuals, including caregivers and management staff, and reported an annual revenue of approximately $50.6 million as of 2024.

Daughterly Care is an approved provider for Home Care Packages, which are government-subsidized programs designed to help seniors access necessary services. Their offerings include live-in care, 24-hour assistance, and various levels of home care packages funded by the Australian government. The organization is particularly noted for its expertise in high care and dementia care, providing personalized support tailored to the specific needs of each client.

Attack Overview

The ransomware attack on Daughterly Care was claimed by Rhysida via their dark web leak site. The breach was discovered on September 23, 2024, and the extent of the data leak remains unknown. Given the sensitive nature of the data handled by Daughterly Care, including personal and medical information of elderly clients, the impact of this breach could be significant.

About Rhysida

Rhysida is a Ransomware-as-a-Service (RaaS) group known for its aggressive affiliate model and double extortion tactics. The group encrypts victims' data and exfiltrates sensitive information to leverage ransom demands. Rhysida has filled the void left by the disruption of other high-profile ransomware groups and remains highly active, targeting high-value sectors such as healthcare, financial services, and government.

Penetration and Vulnerabilities

Rhysida is renowned for its speed and efficiency, often exploiting vulnerabilities in unpatched systems and using phishing campaigns to gain initial access. Once inside, the group conducts multi-phase attacks involving network reconnaissance, privilege escalation, and data exfiltration before encrypting files. Daughterly Care, with its extensive handling of sensitive data and reliance on digital systems for managing care packages and client information, presents a valuable target for such threat actors.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.