FBI Issues Flash Alert For Rising PYSA Ransomware Attacks Against Educational Institutions

Ransomware attacks have already created chaos globally, and the FBI now warns that a new wave may be coming. In a recent flash alert, the FBI has advised of a potential rise in PYSA ransomware attacks aimed at educational institutions.

FBI Alert For PYSA Ransomware Attacks

The Federal Bureau of Investigation (FBI) Cyber Division has issued a TLP:White flash alert on rising PYSA ransomware attacks.

According to the alert, the FBI first detected vigorous PYSA activity in March 2020, when it targeted the government, health, education, and private sectors. Now the agency has warned of a further rise in these attacks, specifically targeting the educational sector. The institutions on the target list are predominantly in 12 different US states and the UK.

FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom… The unidentified cyber actors have specifically targeted higher education, K-12 schools, and seminaries.

The FBI has urged anyone who becomes a victim to avoid paying the ransom, in order to discourage the criminals.

However, if a victim still chooses to pay, the FBI asks that the matter be reported so the criminals can be tracked. Victims can report incidents to a local FBI field office, or via the FBI’s Internet Crime Complaint Center (IC3) (https://ic3.gov).

About PYSA Ransomware

PYSA, also known as Mespinoza, first made the news in October 2019 following a victim’s report. Since then, it has been analyzed several times, which is how its behaviour is now known.

As the FBI explained, the malware infiltrates the target network via phishing or by compromising Remote Desktop Protocol (RDP) credentials. Once inside, it scans the network and installs various tools to facilitate the attack.

Then, before running the ransomware, the threat actors make sure to deactivate any antivirus protection on the victim’s systems.

Once established, the ransomware starts encrypting the victim’s data, adding a “.pysa” extension to file names. Before encryption, however, the threat actors also exfiltrate the victim’s data to pressure the victim into paying the ransom.
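The “.pysa” extension appended to encrypted files is the one file-system indicator this article gives. As an added example (not taken from the FBI alert or this article), the Python below flags hosts where such renames arrive in a burst; the event tuple format, the 60-second window and the threshold of 3 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PYSA_EXT = ".pysa"                 # extension named in the article
WINDOW = timedelta(seconds=60)     # assumption: burst window
THRESHOLD = 3                      # assumption: kept low for the constructed sample

# Constructed sample file-rename events: (ISO timestamp, host, old path, new path)
SAMPLE_EVENTS = [
    ("2021-01-01T02:14:01", "fs01", r"D:\grades\term1.xlsx", r"D:\grades\term1.xlsx.pysa"),
    ("2021-01-01T02:14:03", "fs01", r"D:\grades\term2.xlsx", r"D:\grades\term2.xlsx.PYSA"),
    ("2021-01-01T02:14:05", "fs01", r"D:\hr\draft.docx", r"D:\hr\final.docx"),  # ordinary rename
    ("2021-01-01T02:14:07", "fs01", r"D:\hr\roster.csv", r"D:\hr\roster.csv.pysa"),
    ("2021-01-01T09:00:00", "lab07", r"C:\tmp\a.txt", r"C:\tmp\a.txt.pysa"),
    ("2021-01-01T09:05:00", "lab07", r"C:\tmp\b.txt", r"C:\tmp\b.txt.pysa"),
    ("2021-01-01T09:15:00", "lab07", r"C:\tmp\c.txt", r"C:\tmp\c.txt.pysa"),    # too spread out
]


def is_pysa_rename(old_path, new_path):
    """True when the new name is the old name with .pysa appended (case-insensitive)."""
    return new_path.lower() == old_path.lower() + PYSA_EXT


def detect_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {host: time at which `threshold` .pysa renames first fell inside one window}."""
    recent = defaultdict(deque)    # per-host timestamps of recent .pysa renames
    alerts = {}
    for ts_str, host, old_path, new_path in sorted(events):
        if not is_pysa_rename(old_path, new_path):
            continue
        ts = datetime.fromisoformat(ts_str)
        queue = recent[host]
        queue.append(ts)
        # Drop renames that have aged out of the sliding window.
        while ts - queue[0] > window:
            queue.popleft()
        if len(queue) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: burst of {PYSA_EXT} renames at {when.isoformat()}")
```

Because the attackers exfiltrate data before encrypting, a hit here means the intrusion is already at its final stage; it is a containment trigger rather than an early warning.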

To prevent these attacks, the FBI’s alert also lists the basic steps that users can take. These include backing up data, implementing network segmentation, using MFA on accounts, keeping all software and operating systems up to date, staying wary of phishing attacks, and training employees in cybersecurity.
