This ransomware strain just started targeting lots more businesses

Dec 22, 2021, Hi-network.com

The relatively new Pysa ransomware was the dominant strain behind file-encrypting attacks in November and saw a 400% rise in attacks on government organizations, according to analysis by security company NCC Group. 

Pysa is one of the ransomware gangs that use double extortion to pressure victims into paying, and last month it dumped leaks from 50 previously compromised organizations. Overall in November, the number of Pysa attacks increased 50%, which means it overtook Conti to join Lockbit in the top two most common versions of the malware. Conti and Lockbit have been the dominant strains since August, according to NCC Group.

Inexplicably, Pysa leaks data from targets weeks or months after attempting to extort them. The large-scale data dump follows joint US and EU law enforcement action against some members of the REvil ransomware gang, who were behind the attack on IT vendor Kaseya.     

Also known as Mespinoza, the Pysa gang seeks out evidence of crime among targets to use as leverage during typically multi-million dollar extortion negotiations. 

The FBI started tracking Pysa activity in March 2020 in ransomware attacks against government entities, institutions, private companies, and the healthcare sector. The group often phishes for credentials, which it then uses to compromise Remote Desktop Protocol (RDP) connections.

Pysa targets high-value finance, government and healthcare organizations, notes NCC Group. 

Across all ransomware gangs, victims from North America totalled 154 during the month, of which 140 were US organizations, while European victims numbered 96 in November. The industrials sector was the most targeted, while attacks on the technology sector decreased 38%.

NCC Group also spotlights a Russian-speaking ransomware gang called Everest Group that's pushing new boundaries in double-extortion by not only threatening to leak files but providing their customers with access to victims' IT infrastructure. Instead of pursuing a ransom, the group sells third-party access to the target's network, creating a new way to monetize a compromised target. If it proves lucrative, this could become a trend next year, NCC Group warns. 

"In November, the group offered paid access to the IT infrastructure of their victims, as well as threatening to release stolen data if the victim refused to pay a ransom," it notes. 

"While selling ransomware-as-a-service has seen a surge in popularity over the last year, this is a rare instance of a group forgoing a request for a ransom and offering access to IT infrastructure - but we may see copycat attacks in 2022 and beyond."
