Security News > 2021 > March > PYSA Ransomware Pillages Education Sector, Feds Warn

The FBI has issued a warning about an uptick in cyberattacks on the education sector that are delivering the PYSA ransomware.

In a "Flash" alert to the cybersecurity community issued on Tuesday, the Feds said that PYSA has been seen in attacks on schools in 12 U.S. states and in the United Kingdom in March alone.

The cyber-actors then execute commands to deactivate antivirus capabilities on the victim network and exfiltrate files, the FBI warned, sometimes using the free open-source tool WinSCP. WinSCP provides secure file transfer between local and remote computer systems.

To encourage victims to pay, the ransomware notes warns that stolen information will be uploaded and monetized on the Dark Web.

"Observed instances of the malware showed a filename of svchost.exe, which is most likely an effort by the cyber actors to trick victims and disguise the ransomware as the generic Windows host process name," according to the warning.

"In some instances, the actors removed the malicious files after deployment, resulting in victims not finding any malicious files on their systems."

News URL

https://threatpost.com/pysa-ransomware-education-feds-warn/164832/