Notice Of Rhizome Website Cyberattack

From May 31st through June 6th, the Rhizome House website was compromised in a cyberattack due to a security flaw in Ghost CMS. Over 700 other Ghost sites have been targeted in similar attacks - read more about the exploit here. As of June 7th, the attacker no longer has access to our site's backend and all of the malicious content on the site has been scrubbed. The effects on our infrastructure were minimal. Our email subscribers' data was not compromised, as that is separate from our website. Unless you fell victim to the attack described below, you should have nothing to worry about.

We're doing what we can to mitigate these kinds of attacks in the future. For your consideration:

  • If you visited the Rhizome House website between May 31st and June 6th, especially on a Windows machine, you may have been phished. Please run a security scan to identify and remove any malware on your computer. Consider changing your passwords and using multi-factor authentication wherever you can.
  • This particular exploit worked by displaying a fake CAPTCHA - one of those prove-you're-not-a-robot things. It then directed the user to paste an encoded command into a Windows Run dialog as part of the verification. Real CAPTCHAs will never, ever, ever ask you to do this. If you ever encounter a CAPTCHA that tells you to paste anything into a command prompt, even on a trustworthy site, exit out of it immediately.
  • The malicious content appended to many of our site pages had the ability to collect fingerprint information from web browsers. We recommend reading up about browser fingerprinting here and here. We also recommend making a habit of using a VPN like those offered by Proton or Mullvad, as well as a privacy-conscious browser (i.e. not Google Chrome).
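
If you are not sure whether you pasted anything during that window, Windows keeps a per-user history of Run dialog commands in the `RunMRU` registry key. The PowerShell below is an added example, not something taken from the attack or from Ghost; it lists that history and flags entries that look like a pasted "verification" command, and the match patterns are our own assumptions rather than indicators from this incident.

```powershell
# Added example: review the current user's Run dialog (Win+R) history.
# Read-only: it does not change or delete anything.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Heuristic patterns (assumptions, not indicators published for this attack):
# script hosts and downloaders, encoded-command switches, URLs, and
# "verification" wording that fake CAPTCHAs tend to append as a comment.
$patterns = @(
    'powershell', 'pwsh', 'mshta', 'cmd(\.exe)?\s+/c',
    'curl', 'bitsadmin', 'msiexec', 'regsvr32', 'rundll32',
    '\s-e(c|nc\w*)?\s', 'frombase64string', 'https?://',
    'captcha', 'verif', 'robot'
)
$regex = $patterns -join '|'

if (-not (Test-Path -Path $key)) {
    Write-Output 'No Run dialog history found for this user.'
    return
}

$values = Get-ItemProperty -Path $key
# Value names are single letters (a, b, c, ...); MRUList only stores their order.
$names = (Get-Item -Path $key).Property | Where-Object { $_ -ne 'MRUList' }

$results = foreach ($name in $names) {
    # Each stored command ends with a literal "\1" marker; strip it for display.
    $command = ([string]$values.$name) -replace '\\1$', ''
    [pscustomobject]@{
        Entry      = $name
        Suspicious = ($command -match $regex)   # -match is case-insensitive
        Command    = $command
    }
}

$results | Sort-Object -Property Suspicious -Descending | Format-List

if ($results | Where-Object { $_.Suspicious }) {
    Write-Output 'At least one entry needs a closer look. Treat this machine as possibly infected.'
} else {
    Write-Output 'No Run dialog entries matched the heuristic patterns.'
}
```

Run it in a normal (non-administrator) PowerShell window as the user who visited the site. A clean result does not rule out infection, so still run the security scan mentioned above.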

Thank you for your understanding. If you have any additional questions about the attack or our mitigations, feel free to send us an email at therhizomehouse@protonmail.com.