Live Latest activity →
RH

rhysida

Known ransomware group
Dormant / low-volume

Rhysida is a ransomware-as-a-service group active since 2023, repeatedly targeting healthcare, education, and government entities. It has been the subject of CISA advisories and is known for auctioning stolen data on its leak site.

1

Total Claims

0

Critical

Records Claimed

1

Industries Hit

Active span: May 15, 2026 – May 15, 2026 · 1 organizations targeted

Dormant / low-volume
Activity 1.9 Severity 2.5 Sectors 2.3 Tooling 8.0

Actor Threat Profile

Activity Timeline

Peak: May 2026 (1)
May 2026
LessMore
May 2026

Share this profile

Shareable intel card for rhysida

Top Targeted Industries

Education 1

Tradecraft & Infrastructure

8

Documented tools

12 / 32

MITRE tactics / techniques

2

Known leak sites

DiscoveryEnumExfiltrationLOLBASOffsecRMM-Tools
Full intelligence profile on ransomware.live →

Targeted Organizations

Tower View Primary School

Claims by rhysida

Low

Ransomware Claim: Tower View Primary School

Tower View Primary School
rhysida
Ransomware Education
May 16, 2026

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.