Kremlin-Linked Ransomware Group Targets Montréal-Nord with $1M Demand

In a concerning development for cybersecurity, the Rhysida ransomware group, which has been linked to Kremlin interests, recently targeted Montréal-Nord, a borough in Montreal, Quebec. The group is demanding a ransom of 10 bitcoin, which is currently valued at over $1 million. Rhysida claims to have stolen several critical documents, including an email, an administrative contract, and a Canadian passport. To substantiate their claims, the cybercriminals have already posted samples of these stolen documents on their dark leak blog. Adding pressure to their demands, a countdown clock on the Rhysida auction page ominously indicates that the stolen data will be sold to the highest bidder if the ransom is not paid within four days.

Rhysida’s Modus Operandi and Patterns

Since becoming operational in May 2023, Rhysida has garnered infamy for its double extortion tactics, often targeting vulnerable sectors like education, healthcare, manufacturing, and local governments. Initially, the group typically gains access to targeted systems through phishing attacks. Once a foothold is established, they exploit system vulnerabilities using Cobalt Strike tools before ultimately deploying their ransomware payload. In what is becoming a recurring pattern, Rhysida has also been known to collaborate with the Vice Society ransomware group. In this collaboration, Vice Society utilizes Rhysida’s ransomware and shares in the ill-gotten earnings.

The havoc wreaked by Rhysida is not limited to public sectors; numerous high-profile organizations have fallen victim. For instance, Seattle-Tacoma International Airport endured a weeks-long outage after being attacked. Other notable victims include major airlines such as Delta and Singapore Airlines, the City of Columbus, the Washington Times, the UK’s National British Library, the Anne & Robert H. Lurie Children’s Hospital in Chicago, and the Prospect Medical Group network. These organizations experienced significant operational disruptions, highlighting Rhysida’s capability to affect services on a large scale.

Trending Tactics and Countermeasures

One of the more unsettling revelations about Rhysida’s operations surfaced in February 2024 when Trend Micro detailed their tactics. Remarkably, the group often posed as a cybersecurity team, adding a layer of deception to their nefarious activities. Rhysida’s attacks are marked not only by their disruptive potential but also by the hefty ransoms they demand—highlighted by their $1,350,000 demand from Easterseals. However, there was a significant breakthrough in counteracting Rhysida’s impact when a research team from Korea’s Internet & Security Agency managed to crack Rhysida’s encryption code, ultimately providing a free decryption tool to affected parties.

The overarching trend in Rhysida’s operations revolves around exploiting vulnerabilities through sophisticated phishing techniques and issuing steep ransom demands. This consistent approach underscores the urgent need for enhanced cybersecurity measures among targeted groups. As Rhysida continues to evolve and refine its tactics, organizations must stay vigilant and proactive in safeguarding their systems. Embracing comprehensive cybersecurity protocols will be crucial in mitigating risks posed by such ransomware groups. The battle between cybersecurity defenses and ransomware attackers like Rhysida is ongoing, emphasizing the importance of adaptive security strategies.

This incident highlights the ongoing vulnerability of municipal systems to sophisticated cyberattacks, underscoring the critical need for enhanced cybersecurity measures and response strategies to protect sensitive information and prevent such damaging breaches.

Explore more

Compliance Drives Regulated B2B Influencer Marketing in 2026

The shifting landscape of digital authority has fundamentally transformed how enterprise-level organizations engage with industry experts and thought leaders across global markets. As the professional world moves deeper into this period of technological saturation, the superficial tactics of the past have been replaced by a rigorous commitment to transparency and legal precision. In earlier years, the simple inclusion of a

Transforming Voice of the Customer Into Predictive Action

Corporate boardrooms often overflow with real-time dashboards and complex analytics, yet many organizations still find themselves blindsided by sudden shifts in customer loyalty and market demand. While the technology to capture feedback has become ubiquitous, the structural ability to interpret and act upon that data in a meaningful timeframe remains remarkably rare for the average enterprise. Most traditional systems are

How Will Databricks CustomerLake Redefine Agentic Marketing?

The ongoing evolution of the digital landscape has forced a radical reconsideration of how enterprises capture, process, and ultimately utilize the vast oceans of consumer data generated every second of the day. Modern marketing departments have long struggled with the paradox of having too much information but not enough actionable insight to drive meaningful consumer interactions in real time. The

How Can Small Banks Compete With Global Financial Giants?

Nikolai Braiden has seen the evolution of financial architecture from its early blockchain roots to the current wave of institutional modernization, and today he joins us to dissect a pivotal shift in venture capital. With BankTech Ventures recently deploying $15 million into AI and stablecoin solutions, the landscape for regional banking is undergoing a profound transformation. Braiden’s perspective as an

Bullski Presale Tops the List of Best Meme Coins for 2026

The current cryptocurrency market in 2026 has transitioned into a highly sophisticated arena where institutional standards and community-driven viral momentum converge to create unique financial opportunities. Investors are no longer satisfied with speculative assets lacking fundamental safeguards, leading to a significant shift toward projects that prioritize technical transparency and structured growth. In this evolving landscape, the Bullski presale has emerged