A Rhysida ransomware auction listing is offering sensitive Maryland Department of Transportation data for 30 Bitcoin (about $3.4M). The sale reportedly includes Social Security numbers, addresses and dates of birth, and the operator is seeking a single buyer within seven days while the agency investigates.
- 30 Bitcoin demanded for MDOT data — seller seeks single buyer in seven days
- Reportedly exposed data includes Social Security numbers, addresses, dates of birth and other identifying information.
- Ransomware extortion payments fell to $813 million in 2024, down 35% from 2023 (Chainalysis).
What is the Rhysida ransomware auction?
The Rhysida ransomware auction refers to a reported sale listing that offers sensitive data allegedly stolen from the Maryland Department of Transportation for 30 Bitcoin (≈$3.4 million). The auction listing claims the data includes Social Security numbers, addresses and dates of birth, and seeks a single buyer within seven days.
How did investigators confirm the Maryland Department of Transportation data loss?
The Maryland Department of Transportation confirmed an incident-related data loss tied to unauthorized access of Maryland Transit Administration systems and said the investigation is ongoing. Officials advised affected users and state employees to update passwords, enable two-factor authentication, and keep software current to reduce exposure.
Context and attribution: reporting assembled from publicly available auction details attributed to Dark Web Daily, commentary from cybersecurity notices issued by the Cybersecurity and Infrastructure Security Agency (CISA), and industry data from Chainalysis and U.S. Department of Justice public announcements.
Who is Rhysida and what sectors do they target?
Rhysida is a ransomware collective active since at least 2023, according to a CISA memo. The group typically targets education, healthcare, manufacturing, information technology and government sectors. Rhysida actors reportedly threaten publication of stolen data and demand Bitcoin payments to avoid disclosure.
What data types are reportedly included in the auction?
Reportedly stolen items include Social Security numbers, postal addresses, dates of birth and other personally identifying information. The Maryland Department of Transportation did not disclose a full data inventory while the investigation continues.
How should affected users respond?
Follow immediate containment and personal security steps: change passwords, enable two-factor authentication, monitor credit reports, and place fraud alerts if Social Security numbers may be exposed. Agencies and impacted individuals should coordinate with official incident response teams and law enforcement.
How likely is cryptocurrency to be used in ransom payments?
Cryptocurrency, particularly Bitcoin, continues to be the most common ransom payment method because of its pseudonymous characteristics. U.S. law enforcement has pursued forfeiture actions against Bitcoin tied to ransomware, which shows that asset-tracing capabilities are evolving and that such payments carry growing risk.
Public post referenced: “30 Bitcoin ransom requested by Rhysida” — reported via a social media post by Dominic Alvieri on September 24, 2025.
Frequently Asked Questions
Was customer financial data compromised in the MDOT incident?
As of the latest update, Maryland Department of Transportation confirmed incident-related data loss but did not specify financial account compromises. The investigation is ongoing and officials have urged precautionary account protections.
How can I check if my identity was affected?
Check official notifications from the Maryland Department of Transportation, monitor credit reports, enable fraud alerts with credit bureaus, and review account statements for unusual activity. Consider identity monitoring services if personally identifying details were exposed.
Key Takeaways
- Immediate risk: Sensitive MDOT data is reportedly being auctioned for 30 BTC; users should act quickly to secure accounts.
- Ransomware pattern: Rhysida targets public-sector and critical infrastructure verticals and typically demands cryptocurrency payments.
- Action items: Update passwords, enable two-factor authentication, monitor financial and identity activity, and follow official MDOT updates.
Conclusion
The reported Rhysida ransomware auction that lists Maryland Department of Transportation data for 30 Bitcoin underscores ongoing ransomware risks to public agencies. Officials continue to investigate; affected users and employees should prioritize account protections and monitor official communications for remediation steps and next updates.
Published: 2025-09-24 | Updated: 2025-09-24 | Author: COINOTAG