In brief
- Ransomware group Rhysida reportedly stole sensitive data and personal information from the Maryland Department of Transportation.
- The collective is now auctioning off the contents for 30 BTC, or about $3.4 million worth.
- Ransomware payments were down 35% in 2024, but still amounted to $813 million in total.
Sensitive data swiped during a cybersecurity incident at the Maryland Department of Transportation is reportedly being auctioned for 30 Bitcoin, or $3.4 million worth, by hacking collective Rhysida Ransomware.
Based on auction details gathered by Dark Web Daily, the hacking collective allegedly stole sensitive personal data and information like social security numbers, addresses, dates of birth, and other identifying information.
It is now reportedly offering the data to a single party in the next seven days.
As part of a cybersecurity investigation, the Maryland Department of Transportation “confirmed incident-related data loss” related to unauthorized access of Maryland Transit Administration systems.
It urged users and state employees of the transportation authority to take action to help mitigate the potential effects, like updating passwords and software, and enabling two-factor authentication on their accounts.
The department did not elaborate further on the types of data and information that were subject to loss, and said the investigation was ongoing as of Monday. A representative for the Maryland Department of Transportation did not immediately respond to Decrypt’s request for comment.
Rhysida’s hacking collective has been operating since at least 2023, primarily targeting education, healthcare, manufacturing, information technology, and government sectors according to a memo from the Cybersecurity and Infrastructure Security Agency (CISA).
CISA adds that Rhysida actors typically threaten to publish sensitive data if ransom payments are not made, and direct victims to send those payments via Bitcoin.
Crypto is often used by ransomware operators due to the comparative difficulty of tracking payments compared to traditional, centralized methods.
In July, the Department of Justice sought forfeiture of $2.3 million worth of Bitcoin tied to ransomware attacks and operator group, Chaos. A month later, authorities in Texas sought a similar amount in forfeitures from a different ransomware operator which had extorted victims worldwide.
Ransomware attackers received around $813 million in extortion payments in 2024, down 35% from a record-setting $1.25 billion in payments from 2023 according to Chainalysis.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
