Rhysida attacks BM Group Polytech

Date:

June 3, 2023

World map

Overview

Title

Rhysida attacks BM Group Polytech

Victim

BM Group Polytech

Attacker

Rhysida

Location

Borgo Chiese, Italy

Borgo Chiese,

Size of Attack

Unknown/TBD

First Reported

June 3, 2023

Last Updated

October 31, 2022

The Rhysida ransomware gang has attacked BM Group Polytec. BM Group Polytec is an organization that specializes in helping its clients become smart factories. It is headquartered in Italy. Rhysida posted BM Group Polytech to its data leak site on June 3rd, claiming to have stolen technical designs, invoices, PII, and financial data. The Rhysida ransomware group emerged in May 2023 and introduced a victim support chat portal on the TOR network. They present themselves as a "cybersecurity team" and claim to be helping their victims by targeting their systems and exposing potential security issues. Rhysida deploys its ransomware through various methods, including Cobalt Strike or similar frameworks, as well as phishing campaigns. Analysis of Rhysida ransomware samples suggests that the group is still in the early stages of development. The ransomware lacks certain common features seen in contemporary ransomware, such as VSS removal. However, the group follows the practices of modern multi-extortion groups by threatening to distribute the stolen data publicly. Upon execution, Rhysida displays a cmd.exe window and scans all files on local drives. Victims are instructed to contact the attackers using the TOR-based portal and their unique identifier provided in the ransom notes. The group only accepts payment in Bitcoin (BTC) and provides victims with instructions on purchasing and using BTC through the victim portal. Victims are also given an additional form on the payment portal to provide authentication and contact details to the attackers. The Rhysida ransom notes are written as PDF documents and placed in the affected folders on the targeted drives.

Oh no!

This attack's description was not found, while we work on the detailed account of this attack we invite you to browse through other recent Rasomware Attacks in the table below.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.

8Base attacks Royal Insignia
Date
February 28, 2024
Ransomware group
8Base
Location

Singapore, Singapore

, Singapore

Industry
Retail Trade
Victim
Royal Insignia
8Base attacks Royal Insignia
Date
February 28, 2024
Ransomware group
8Base
Location

Singapore, Singapore

, Singapore

Industry
Retail Trade
Victim
Royal Insignia
Rhysida targets the Ann & Robert H Lurie Children's Hospital of Chicago
Date
February 27, 2024
Ransomware group
Rhysida
Location

Chicago, USA

Illinois, USA

Industry
Healthcare
Victim
Ann & Robert H Lurie Children's Hospital of Chicago
Rhysida targets the Ann & Robert H Lurie Children's Hospital of Chicago
Date
February 27, 2024
Ransomware group
Rhysida
Location

Chicago, USA

Illinois, USA

Industry
Healthcare
Victim
Ann & Robert H Lurie Children's Hospital of Chicago
Medusa targets JS International
Date
February 27, 2024
Ransomware group
Medusa
Location

Fall River, USA

Massachusetts, USA

Industry
Manufacturing
Victim
JS International
Medusa targets JS International
Date
February 27, 2024
Ransomware group
Medusa
Location

Fall River, USA

Massachusetts, USA

Industry
Manufacturing
Victim
JS International
BlackCat/ALPHV attacks S+C Partners
Date
February 26, 2024
Ransomware group
ALPHV
Location

South Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
S+C Partners
BlackCat/ALPHV attacks S+C Partners
Date
February 26, 2024
Ransomware group
ALPHV
Location

South Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
S+C Partners
Ransomhouse attacks Webber International University
Date
February 26, 2024
Ransomware group
RansomHouse
Location

Babson Park, USA

Florida, USA

Industry
Education
Victim
Webber International University
Ransomhouse attacks Webber International University
Date
February 26, 2024
Ransomware group
RansomHouse
Location

Babson Park, USA

Florida, USA

Industry
Education
Victim
Webber International University
Akira attacks the Municipality of Bjuvs
Date
February 26, 2024
Ransomware group
Akira
Location

Mejerigatan, Sweden

Bjuv, Sweden

Industry
State & Local Government
Victim
Municipality of Bjuvs
Akira attacks the Municipality of Bjuvs
Date
February 26, 2024
Ransomware group
Akira
Location

Mejerigatan, Sweden

Bjuv, Sweden

Industry
State & Local Government
Victim
Municipality of Bjuvs
Rhysida attacks Ironrock
Date
February 26, 2024
Ransomware group
Rhysida
Location

Canton, USA

Ohio, USA

Industry
Manufacturing
Victim
Ironrock
Rhysida attacks Ironrock
Date
February 26, 2024
Ransomware group
Rhysida
Location

Canton, USA

Ohio, USA

Industry
Manufacturing
Victim
Ironrock
Medusa attacks The Professional Liability Fund
Date
February 26, 2024
Ransomware group
Medusa
Location

Portland, USA

Oregon, USA

Industry
Finance & Insurance
Victim
The Professional Liability Fund
Medusa attacks The Professional Liability Fund
Date
February 26, 2024
Ransomware group
Medusa
Location

Portland, USA

Oregon, USA

Industry
Finance & Insurance
Victim
The Professional Liability Fund
Medusa attacks Penn Cinema
Date
February 26, 2024
Ransomware group
Medusa
Location

Lititz, USA

Pennsylvania, USA

Industry
Arts, Entertainment & Recreation
Victim
Penn Cinema
Medusa attacks Penn Cinema
Date
February 26, 2024
Ransomware group
Medusa
Location

Lititz, USA

Pennsylvania, USA

Industry
Arts, Entertainment & Recreation
Victim
Penn Cinema
CI0p targets The Peddie School
Date
February 26, 2024
Ransomware group
Cl0p
Location

Hightstown, USA

New Jersey, USA

Industry
Education
Victim
The Peddie School
CI0p targets The Peddie School
Date
February 26, 2024
Ransomware group
Cl0p
Location

Hightstown, USA

New Jersey, USA

Industry
Education
Victim
The Peddie School