At the end of November, Slovenian Power Plants Holding (Holding Slovenske elektrarne – HSE) was hit by one of the biggest hacker attacks in Slovenia. According to the latest unofficial information, the so-called Rhysida ransomware group, believed to be from Russia or the former Soviet Union, was behind the attack and has carried out several cyber-attacks against institutions and governments in several countries. In the attack on the Slovenian Power Plants Holding, the group used a ransomware virus that disables or locks data.
The Slovenian Power Plants Holding initially claimed that it had not yet received a ransom demand, which is another sign pointing in the direction of the aforementioned group, as its demands only include an email address to contact the extortionists, without specific monetary amounts. On the other hand, according to some as of yet unconfirmed information, the hacking group is said to have demanded one million euros in bitcoins from Slovenian Power Plants Holding. For every gigabyte of data, they are said to be demanding one euro.
Rhysida, whose name means centipede, appeared in May this year and immediately carried out several major hacking attacks. The most high-profile of these was on the military of the South American country of Chile. It also made the stolen data and documents from the army public. Among its major victims are also the British Library in the United Kingdom and the Prospect Medical Holdings Incorporated company in the USA. Rhysida is also responsible for attacks on government institutions in Portugal and Kuwait.
Rhysida is a ransomware hacking group that has recently emerged in the public domain and, judging by its activities, could be from Russia or another former Soviet state such as Belarus or Kazakhstan. Although the name has only emerged this year, security services claim that it is, in fact, a criminal group that was established as early as 2021 and was then called the Golden Victor, using a similar ransomware scheme called the Vice Society. Criminal groups of this type often change their names, as they are named after the versions of the ransomware they use. They also decide to change their names when they become too “hot” to cover their tracks.
Source: www.bleepingcomputer.com
A. S.