2 min read

PYSA Ransomware Operators Targeting Healthcare, Education and Government Institutions, FBI Warns

Filip TRUȚĂ

March 17, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
PYSA Ransomware Operators Targeting Healthcare, Education and Government Institutions, FBI Warns

The Federal Bureau of Investigation has issued a flash alert warning of an increase in PYSA ransomware attacks targeting government entities, educational institutions, private companies and the healthcare sector in the US and the UK.

PYSA, also known as Mespinoza, is capable of exfiltrating and encrypting critical files and data, with the criminals specifically targeting higher education, K-12 schools and seminaries, the bureau warns.

“These actors use PYSA to exfiltrate data from victims prior to encrypting victim”s systems to use as leverage in eliciting ransom payments,” according to the advisory.

The FBI has been tracking PYSA ransomware attacks “by unidentified cyber actors” against US and foreign government entities, educational institutions, private companies and the healthcare sector for over a year.

The group typically gains access to victim networks by compromising Remote Desktop Protocol (RDP) credentials and/or through phishing emails, the FBI notes. The cyber actors conduct network reconnaissance and execute commands to deactivate antivirus capabilities on targeted systems before deploying the ransomware.

“The cyber actors then exfiltrate files from the victim”s network, sometimes using the free opensource tool WinSCP5, and proceed to encrypt all connected Windows and/or Linux devices and data, rendering critical files, databases, virtual machines, backups, and applications inaccessible to users,” according to the advisory.

The document describes various indicators of compromise and offers a list of flagged domains associated with this malicious activity.

The notice also includes mitigation steps like:

  • Regularly back up data, air gap and password-protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
  • Implement network segmentation.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
  • Install updates/patch operating systems, software, and firmware as soon as they are released. Use multifactor authentication where possible.

… and others.

In typical fashion, the FBI does not encourage paying ransom, as “payment does not guarantee files will be recovered [and] may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”

However, the bureau says it “understands that when victims are faced with an inability to function, all options are evaluated to protect shareholders, employees and customers.”

Whatever victims choose to do, the FBI urges them to report ransomware attacks to their local field office or the FBI”s Internet Crime Complaint Center (IC3) at https://ic3.gov.

“Doing so provides the FBI with critical information needed to prevent future attacks by identifying and tracking ransomware attackers and holding them accountable under U.S. law,” the agency notes.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read