Hernando County data is now available for download on the dark web. This means the county did not pay the ransom, and Rhysida is now releasing the information to anyone who wants it. “All files will be uploaded for public access. Data hunters, enjoy,” they say. There are 11 files available for download, comprising 6,190,346 files and totaling 3.2 terabytes.
Making files available for download is a common tactic among ransomware groups. They punish organizations that lose data by exposing that data in places where bad actors can exploit it.
Any of the data obtained can be misused by malicious parties. You really need to monitor your credit, especially if you had a W-9 form on file with your Social Security number listed as a vendor for the county. We also encourage you to register for the Hernando Clerk's Property Fraud Alert at https://or.hernandoclerk.com/LandmarkWeb/FraudAlert
Let me tell you a little bit about the Rhysida group. According to Trend Micro, this group was first observed in May 2023. It is known to carry out double extortion. The first form of extortion involves encrypting files, locking the user out, and demanding a ransom. The second form involves releasing information on the dark web if the ransom is not paid. We are currently in the second stage.
This group is known to launch attacks with phishing emails to gain initial access. Next, it uses a PowerShell script to disable antivirus protection and make changes to Active Directory. The data is then encrypted with AES, and the AES key is encrypted with a 4096-bit RSA key.
Korean researchers discovered an error in the Rhysida code and released a decryption tool. This tool can be downloaded from the Korea Internet Security Agency (KISA) website.