A new name was added to the cyber-rogues’ gallery of ransomware gangs this week after a criminal group called Rhysida claimed responsibility for an attack on the British Library.

In recent years, however, in a process dubbed “double extortion”, the majority of gangs steal data at the same time and threaten to release it online, which they hope will strengthen their negotiating hand.

Rhysida emerged as the assailant this week by posting low-resolution images of personal information gathered in the attack online, offering the stolen data for sale on its leak site with a starting bid of 20 bitcoin, or about £590,000.

While the British Library is a high-profile UK victim for Rhysida – named after a type of centipede – the group is also responsible for attacks on government institutions in Portugal, Chile and Kuwait.

This rebranding exercise is common among criminal gangs – they are often named after the ransomware variant they deploy – if their existing “brand” becomes excessively notorious and attracts too much attention from law enforcement.

A digital asset like bitcoin is popular with ransomware gangs because it is decentralised – it operates outside the conventional banking system and therefore bypasses standard checks – and transactions can be obscured, making them more difficult to track.

Saved 74% of original text.