Rhysida Ransomware Hits IT Firm CNS, Threatens Data Leak

Incident Date: July 27, 2024

Overview

Victim: Computer Networking Solutions

Attacker: Rhysida

Location: San Jose, California, USA

First Reported: July 27, 2024

Rhysida Ransomware Group Targets Computer Networking Solutions

Overview of the Attack

The Rhysida ransomware group has claimed responsibility for a cyberattack on Computer Networking Solutions (CNS), a well-established IT services provider based in San Jose, California. The attackers have threatened to publish the stolen data within 6–7 days if their demands are not met. This incident highlights the growing threat of ransomware attacks on small and mid-sized businesses.

About Computer Networking Solutions

Computer Networking Solutions, operating under the trade name LightSpeed DataLinks, specializes in providing comprehensive IT solutions and support services tailored to small and mid-sized businesses. Founded in 1991, CNS offers a range of services including managed IT support, hardware sales, cybersecurity, and cloud solutions. The company serves various sectors such as hospitality, manufacturing, real estate, education, CPA firms, medical practices, and law firms. CNS is known for its client-centric approach, acting as an extension of their clients' IT departments and providing tailored solutions to meet specific needs.

Vulnerabilities and Impact

CNS's extensive involvement in diverse industries makes it a lucrative target for ransomware groups. The company's reliance on high-quality hardware and robust cybersecurity measures, while generally effective, may have been insufficient against the sophisticated tactics employed by Rhysida. The attack could potentially disrupt CNS's operations and compromise sensitive client data, affecting their reputation and client trust.

About the Rhysida Ransomware Group

The Rhysida ransomware group emerged in May 2023 and has quickly gained notoriety for targeting sectors such as education, healthcare, manufacturing, information technology, and government. Rhysida ransomware is written in C++ and primarily targets Windows operating systems. The group employs a double extortion technique, stealing data before encrypting it and threatening to publish it unless a ransom is paid. Rhysida uses the ChaCha20 encryption algorithm and demands Bitcoin payments through a Tor-based portal.

Penetration Tactics

Rhysida typically gains initial access through phishing campaigns and by leveraging valid credentials. Once inside the network, the group uses tools like Advanced IP/Port Scanner and Sysinternals PsExec to enumerate environments and deploy ransomware. The group's ability to exploit network vulnerabilities and use sophisticated encryption methods makes them a formidable threat to businesses like CNS.
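For defenders, the tooling named above leaves recognizable traces. The following is an added detection sketch, not taken from the incident or from any vendor's rule set: it flags scanner launches and PsExec service installs, and raises a separate finding when one account installs the PsExec service on several hosts in a short window. The event schema, thresholds, scanner file names, and sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed default executable names for the scanners named above.
SCANNERS = {"advanced_ip_scanner.exe", "advanced_port_scanner.exe"}
WINDOW = timedelta(minutes=30)   # constructed threshold
FANOUT = 3                       # distinct hosts per account within WINDOW

# Constructed sample events in a simplified schema (not from the incident).
# event_id 1 = Sysmon process creation, 7045 = service installed.
SAMPLE = r"""
{"time":"2024-01-15T02:05:10","host":"WS12","event_id":1,"user":"CORP\\jdoe","image":"C:\\Users\\jdoe\\Downloads\\advanced_ip_scanner.exe"}
{"time":"2024-01-15T02:11:04","host":"FS01","event_id":7045,"user":"CORP\\svc_backup","service_name":"PSEXESVC"}
{"time":"2024-01-15T02:12:30","host":"FS02","event_id":7045,"user":"CORP\\svc_backup","service_name":"PSEXESVC"}
{"time":"2024-01-15T02:14:47","host":"DB01","event_id":7045,"user":"CORP\\svc_backup","service_name":"PSEXESVC"}
{"time":"2024-01-15T02:15:00","host":"WS12","event_id":1,"user":"CORP\\jdoe","image":"C:\\Windows\\System32\\notepad.exe"}
{"time":"2024-01-15T09:00:00","host":"WS30","event_id":7045,"user":"CORP\\helpdesk","service_name":"PSEXESVC"}
"""

def parse(text):
    events = [json.loads(line) for line in text.strip().splitlines()]
    for e in events:
        e["time"] = datetime.fromisoformat(e["time"])
    return sorted(events, key=lambda e: e["time"])

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    findings, installs = [], defaultdict(list)
    for e in events:
        if e["event_id"] == 1 and basename(e["image"]) in SCANNERS:
            findings.append(("scanner_launch", e["host"], e["user"]))
        elif e["event_id"] == 7045 and e["service_name"].upper() == "PSEXESVC":
            # Default service name; PsExec's -r option renames it and evades this match.
            findings.append(("psexec_service", e["host"], e["user"]))
            installs[e["user"]].append((e["time"], e["host"]))
    for user, seen in installs.items():
        for start, _ in seen:
            hosts = {h for t, h in seen if start <= t <= start + WINDOW}
            if len(hosts) >= FANOUT:
                findings.append(("psexec_fanout", ",".join(sorted(hosts)), user))
                break
    return findings

if __name__ == "__main__":
    for finding in detect(parse(SAMPLE)):
        print(finding)
```

A single PsExec install by an administrator is common, which is why the fan-out finding is kept separate from the per-host one.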
