Reports from the Cyber Division of the FBI warn of an uptick in PYSA ransomware attacks targeting the education sector in recent months. The actors behind the ransomware have also targeted foreign and domestic government entities, private companies, and healthcare in the past. In March 2020 alone, schools in 12 US states as well as the UK were hit by PYSA. Payloads are deployed by way of phishing emails or compromised RDP credentials, and antivirus and anti-malware solutions are disabled in the process. Once inside the network, the malware looks for files that contain important information and can be used as leverage to get the target to pay the ransom. After running its processes and dropping executables, the malware adds a ransom note that links to the threat group’s hidden website on Tor, also known as the Dark Web.