Security News > 2021 > March > FBI warns of escalating Pysa ransomware attacks on education orgs

"Since March 2020, the FBI has become aware of PYSA ransomware attacks against US and foreign government entities, educational institutions, private companies, and the healthcare sector by unidentified cyber actors," the FBI says in the TLP:WHITE flash alert.

The FBI recommends not paying Pysa ransomware's ransoms since giving in to their demands will most likely fund future ransomware attacks and encourage them to target other potential victims.

The FBI understands the damages educational institutions face following such attacks and urges them to report the attacks as soon as possible to the local FBI field office or the Internet Crime Complaint Center, regardless of their decision to pay for a decryptor or not.

A custom ransom note is also dropped on encrypted systems in Pysa ransomware attacks, a ransom note that includes the organization's name, a link to Pysa's Tor site, and a link to the data leak site where the ransomware gang threatens to publish the stolen data.

In December, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center have also warned malicious actors targeting K-12 educational institutions in the US. The three government agencies warned that ransomware, malware, and DDoS attacks are the main threats to K-12 educational institutions after such attacks increased at the beginning of the school year, with the cybercriminals threatening to leak data stolen in the attacks unless a ransom was paid.

In January, the FBI sent another security alert warning private sector companies of Egregor ransomware attacks actively targeting and extorting businesses worldwide.

News URL

https://www.bleepingcomputer.com/news/security/fbi-warns-of-escalating-pysa-ransomware-attacks-on-education-orgs/