Threat Intelligence Tarot
Vol. II · 101
Criminal (suspected Eastern European)
risk 3/5
The Centipede
Rhysida
Vice Society affiliate
Healthcare · Education · Government · Manufacturing · Defense
Active since May 2023 · Financial extortion, Ransomware-as-a-Service
The Centipede moves on many legs through institutional networks, each appendage probing a different system. It has no loyalty to target type: libraries, hospitals, and armies fall with equal indifference.
Tactics & Techniques
  • T1566.001 · Spearphishing Attachment · Initial Access
  • T1059.001 · PowerShell · Execution
  • T1486 · Data Encrypted for Impact · Impact
  • T1490 · Inhibit System Recovery · Impact
  • T1021.001 · Remote Desktop Protocol · Lateral Movement
  • T1078 · Valid Accounts · Defense Evasion
  • T1083 · File and Directory Discovery · Discovery
Notable Operations
  • British Library attack (2023, months-long disruption to national services)
  • Chilean Army breach with military data published
  • Lurie Children's Hospital Chicago (2024, pediatric care disrupted)
  • Insomniac Games data leak including Sony acquisition documents
Defenses
Reversed: Their Weakness
Security researchers discovered Rhysida's encryption implementation had a flaw enabling decryption without paying ransom. Rapid incident response and offline backup restoration have repeatedly neutralized its leverage.

Data sourced from MITRE ATT&CK. For educational purposes.