Security News > 2021 > March > FBI warns of escalating Pysa ransomware attacks on education orgs

"Since March 2020, the FBI has become aware of PYSA ransomware attacks against US and foreign government entities, educational institutions, private companies, and the healthcare sector by unidentified cyber actors," the FBI says in the TLP:WHITE flash alert.
The FBI recommends not paying Pysa ransomware's ransoms since giving in to their demands will most likely fund future ransomware attacks and encourage them to target other potential victims.
The FBI understands the damages educational institutions face following such attacks and urges them to report the attacks as soon as possible to the local FBI field office or the Internet Crime Complaint Center, regardless of their decision to pay for a decryptor or not.
A custom ransom note is also dropped on encrypted systems in Pysa ransomware attacks, a ransom note that includes the organization's name, a link to Pysa's Tor site, and a link to the data leak site where the ransomware gang threatens to publish the stolen data.
In December, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center have also warned malicious actors targeting K-12 educational institutions in the US. The three government agencies warned that ransomware, malware, and DDoS attacks are the main threats to K-12 educational institutions after such attacks increased at the beginning of the school year, with the cybercriminals threatening to leak data stolen in the attacks unless a ransom was paid.
In January, the FBI sent another security alert warning private sector companies of Egregor ransomware attacks actively targeting and extorting businesses worldwide.
News URL
Related news
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- CISA and FBI: Ghost ransomware breached orgs in 70 countries (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)