The Cybersecurity and Infrastructure Security Agency, the FBI and the Multi-State Information Sharing and Analysis Center have warned against a ransomware threat group targeting organizations from the government and private sectors.
In a joint cybersecurity advisory, the agencies outlined indicators of compromise of the Rhysida ransomware and provided early detection methods and techniques to prevent ransomware attacks, CISA said Wednesday.
Rhysida actors exploit virtual private networks, phishing campaigns and the Zerologon vulnerability to gain initial access and persistence within a compromised network.
The group has targeted organizations in education, healthcare, manufacturing, information technology and the government.
The CSA contains a set of mitigations aligning with the Cross-Sector Cybersecurity Performance Goals developed by CISA and the National Institute of Standards and Technology to help organizations reduce the likelihood and impact of Rhysida ransomware attacks.