The hacking collective Rhysida has reportedly compromised sensitive information from the Maryland Department of Transportation (MDOT) and is auctioning the stolen data for 30 Bitcoin, equivalent to approximately $3.4 million. The auction, according to sources from Dark Web Daily, includes personal details such as Social Security numbers, addresses, dates of birth, and other identifiers. The offer is set to expire in the coming week.
MDOT acknowledged the cyber incident, which involved unauthorized access to its Maryland Transit Administration systems, leading to confirmed data loss. In response to the breach, the department has urged users and state employees to take proactive measures such as updating their passwords, applying necessary software updates, and enabling two-factor authentication to mitigate potential risks. The department has not disclosed the specific details of the compromised data, and it said that the investigation is still ongoing.
Rhysida has been active in ransomware attacks since at least 2023, primarily targeting sectors such as education, healthcare, manufacturing, information technology, and government. A memorandum from the Cybersecurity and Infrastructure Security Agency (CISA) noted that Rhysida typically threatens to publish sensitive data unless a ransom is paid, with payments directed through Bitcoin — a medium favored by ransomware groups due to its relative anonymity compared to traditional transaction methods.
In recent enforcement actions, the Department of Justice has sought forfeiture of Bitcoin linked to ransomware activities, indicating a growing focus on disrupting financial channels used by these malicious actors. In 2024, ransomware extortion payments totaled approximately $813 million, reflecting a significant decline of 35% from the previous record of $1.25 billion in 2023, as reported by Chainalysis.
As the landscape of cyber threats continues to evolve, the ongoing case with Rhysida highlights both the immediate risks to sensitive data and the broader implications of ransomware on organizations and public infrastructure.

