Liberty Resources Hit by Rhysida Ransomware: Sensitive Data Compromised

Incident Date:

August 15, 2024

World map

Overview

Title

Liberty Resources Hit by Rhysida Ransomware: Sensitive Data Compromised

Victim

Liberty Resources

Attacker

Rhysida

Location

East Syracuse, USA

New York, USA

First Reported

August 15, 2024

Liberty Resources Targeted by Rhysida Ransomware Group

Liberty Resources, a not-for-profit organization based in Syracuse, New York, has fallen victim to a ransomware attack orchestrated by the Rhysida Ransomware Group. The organization, which focuses on promoting independent living for individuals with disabilities, has had sensitive data exfiltrated, including passports and Social Security Numbers (SSNs).

About Liberty Resources

Liberty Resources operates as a Center for Independent Living (CIL) and is dedicated to advocating for the civil rights and equal access of persons with disabilities. Established in 1994, the organization employs over 900 professional staff members and serves nearly 11,000 individuals and families annually. The organization provides a range of services, including behavioral health, physical health, and disability services, aimed at fostering independence and well-being.

Attack Overview

The Rhysida Ransomware Group claims to have breached Liberty Resources' systems, exfiltrating sensitive data and causing disruptions to their phone system. The attackers have demanded a ransom of 20 Bitcoin (approximately $1,175,000) with a deadline set for August 22. The breach has raised significant concerns about the security measures in place at Liberty Resources, particularly given the sensitive nature of the data they handle.

About Rhysida Ransomware Group

The Rhysida Ransomware Group emerged in May 2023 and has quickly become notorious for targeting sectors such as healthcare, education, and government. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. Rhysida ransomware is written in C++ and uses the ChaCha20 encryption algorithm. The group typically deploys the ransomware through phishing campaigns and leverages valid credentials to establish network connections.

Penetration and Vulnerabilities

Rhysida likely penetrated Liberty Resources' systems through phishing campaigns or by leveraging valid credentials. The organization's extensive handling of sensitive data, combined with potential vulnerabilities in their cybersecurity infrastructure, made them an attractive target for the ransomware group. The attack underscores the importance of effective cybersecurity measures, particularly for organizations handling sensitive personal information.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.