Security News > 2021 > March > FBI warns of escalating Pysa ransomware attacks on education orgs

"Since March 2020, the FBI has become aware of PYSA ransomware attacks against US and foreign government entities, educational institutions, private companies, and the healthcare sector by unidentified cyber actors," the FBI says in the TLP:WHITE flash alert.
The FBI recommends not paying Pysa ransomware's ransoms since giving in to their demands will most likely fund future ransomware attacks and encourage them to target other potential victims.
The FBI understands the damages educational institutions face following such attacks and urges them to report the attacks as soon as possible to the local FBI field office or the Internet Crime Complaint Center, regardless of their decision to pay for a decryptor or not.
A custom ransom note is also dropped on encrypted systems in Pysa ransomware attacks, a ransom note that includes the organization's name, a link to Pysa's Tor site, and a link to the data leak site where the ransomware gang threatens to publish the stolen data.
In December, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center have also warned malicious actors targeting K-12 educational institutions in the US. The three government agencies warned that ransomware, malware, and DDoS attacks are the main threats to K-12 educational institutions after such attacks increased at the beginning of the school year, with the cybercriminals threatening to leak data stolen in the attacks unless a ransom was paid.
In January, the FBI sent another security alert warning private sector companies of Egregor ransomware attacks actively targeting and extorting businesses worldwide.
News URL
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)