New cyber-criminal group outed after British Library attack

A new criminal group called Rhysida has claimed responsibility for a recent attack on the British Library.

The library confirmed that personal data stolen in a cyber-attack last month has appeared for sale online.

Rhysida emerged as the assailant  by posting low-resolution images of personal information gathered in the attack online, offering the stolen data for sale on its leak site with a starting bid of 20 bitcoin- equivalent to some £590,000.

US government agencies also released an advisory note  on Rhysida last week, stating that the “emerging ransomware variant” had been deployed against the education, manufacturing, IT and government sectors since May. The agencies said they had also seen the Rhysida gang running a “ransomware as a service” (Raas) operation, where it hires out the malware to criminals and shares any ransom proceeds. 

According to the US agencies, gangs using the Rhysida ransomware have used organisations’ virtual private networks – the systems used by staff to access their employers’ systems remotely – to get into systems, or have deployed the familiar technique of phishing attacks, where victims are tricked, usually via email, into clicking on a link that downloads malicious software or tricks them into handing over details such as passwords.

According to the US agencies document, cryptocurrency is a common form of ransom demand for Rhysida attackers, in line with the rest of the criminal hacking fraternity. A digital asset like bitcoin is popular with ransomware gangs because it is decentralised – it operates outside the conventional banking system and therefore bypasses standard checks – and transactions can be obscured, making them more difficult to track.