APT / THREAT GROUP
Rhysida
277
victims
3
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Malware family tracked by Malpedia. ID: elf.rhysida
Threat Analysis
Rhysida is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Ransomware Victims (277)
CTIWATCH tracks 277 organizations claimed as victims by Rhysida on its data leak site, with attack dates, sectors and countries.
View full victims list →Intelligence Reports Mentioning Rhysida
New ‘Mistic’ RAT Opens Door to Several Ransomware Families
SecurityWeek· Jun 24, 2026
Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack
Infosecurity Magazine· Apr 16, 2026
Data Breach at Tennessee Hospital Affects 337,000
SecurityWeek· Apr 16, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases3
Also Known As
win.rhysidaRhysidaelf.rhysida
External Intelligence
Malpedia: win.rhysidaResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.