The Rhysida ransomware group has reportedly breached the systems of the Carthage Police Department in Texas, demanding a ransom payment of 5 BTC, equivalent to approximately $500,000. The threat actor has set February 4, 2025, as a deadline for the ransom to be paid.
Rhysida operators have uploaded sample data on their dark web portal to substantiate their claims. A brief inspection of the data conducted by TechNadu identified information belonging to Carthage Police Department employees, suggesting that the gang's exfiltration claims may be credible.
The posted samples include criminal files, GSR laboratory reports, and government-issued IDs such as Social Security Numbers, U.S. passports, and more. These raise concerns about the sensitivity of the compromised data, given the potential for exposure of personal and law enforcement information.
TechNadu has contacted the Carthage Police Department and is awaiting an official answer regarding the recent security incident.
Adding to their aggressive tactics, Rhysida has opened a 7-day window for external bidders interested in purchasing the exfiltrated dataset.
This attempt to monetize the stolen data underscores the group's intent to amplify pressure on the Carthage Police Department while broadening the reach of its cybercriminal activities.
Rhysida ransomware is known for targeting public and private sector organizations and employing double-extortion tactics. This approach typically involves stealing sensitive data before encrypting the victim's systems and subsequently threatening to release the data publicly unless the ransom is paid.
Rhysida is a ransomware-as-a-service (RaaS) operation that emerged in May 2023. It rapidly gained notoriety through high-profile breaches, including those of the British Library and the Chilean Army.
Recent incidents attributed to Rhysida include the breach of the Port of Seattle. Other notable breaches involve the Sony subsidiary Insomniac Games, the City of Columbus, Ohio, MarineMax, and the Singing River Health System.
In June 2024, the BlackSuit ransomware gang allegedly published hundreds of sensitive police files stolen from the Kansas Police Department after the KCKPD refused to pay ransom.