Ransomware Leak Sites


Active Since

May 2023

Total victims as of January 2024


Known Forum Aliases


Active Forum Accounts


Targeted Geographies

US, UK, Italy

Rhysida has quickly risen to notoriety due to high profile attacks on the organizations such as the British Library, which took the cherished UK institution’s website, systems, and some on-site services offline.

Just weeks later, the gang took aim at another British institution – the royal family – threatening to leak data from a private London hospital, which it claimed contained sensitive information on the royals.

The group is noteworthy for its focus on organizations in the education industry, followed by those in health care equipment & services, and the public sector.

Some cybersecurity analysts have identified similarities in the Tactics, Techniques and Procedures (TTPs) of Rhysida and those used by Vice Society. Other correlatory factors include temporal crossover – after Rhysida’s appearance only two victims were posted on Vice Society’s leak site before it stopped being active – and similarity in victimology.

On-Demand Webinar

Ransomware in 2024: Dark Web Trends, Groups & Insights