A few days ago, I was scrolling through Twitter and came across a post by the MalwareHunterTeam briefly discussing a new ransomware group – Rhysida. A lack of results from a Google search shows this is a newer group prepping to start operations. I grabbed a sample and downloaded it, and the executable confirmed that this group is indeed in its early stages based on the breadth of print debugging and the lack of a victim target in the ransom note. This appeared to be a pre-finished test file. Here’s what I found.

Original File Name: fury_ctm1042.bin
MD5: 0c8e88877383ccd23a755f429006b437
SHA1
More information can be read at our partner's website:
WatchGuard Secplicity