Rhysida, the new ransomware gang behind British Library cyber-attack

A new name was added to the cyber-rogues’ gallery of ransomware gangs this week after a criminal group called Rhysida claimed responsibility for an attack on the British Library.

Rhysida emerged as the assailant this week by posting low-resolution images of personal information gathered in the attack online, offering the stolen data for sale on its leak site with a starting bid of 20 bitcoin, or about £590,000.

Rhysida’s name is new to the public, but according to Secureworks it has emerged from a criminal operation established in 2021. Secureworks calls that group Gold Victor and it operated a ransomware scheme called Vice Society.

Rhysida attackers send their ransom notes with the title “CriticalBreachDetected” in a PDF file. The note provides each recipient with a unique code and instructions to contact the group via a specialist web browser that makes communications untraceable.