Security News > 2021 > March > FBI Warns of PYSA Ransomware Attacks on Education Institutions in US, UK

An alert issued on Tuesday by the FBI warns about an increase in PYSA ransomware attacks on education institutions in the United States and the United Kingdom.
According to the FBI, PYSA attacks have been launched by "Unidentified cyber actors" against higher education, K-12 schools and seminaries in a dozen U.S. states, as well as the U.K. The threat actors behind PYSA attacks are known to encrypt data on compromised systems, but they also steal information from victims and threaten to leak it in an effort to increase their chances of getting paid.
PYSA ransomware attacks have been observed against government organizations, educational institutions, the healthcare sector and private businesses.
Victims of PYSA ransomware attacks have been advised to file a report with the FBI. "Educational institutions are big targets for hackers as thousands of people's sensitive information is potentially involved, and the substantial shift towards e-learning has made them even more appealing to hackers and ransomware," James Carder, CSO at LogRhythm, told SecurityWeek.
"This FBI warning is an important reminder that educational institutions need to take a proactive approach and invest in cybersecurity solutions that detect malicious behavior and enable network infrastructure to block any further access attempts. Institutions should patch aggressively, create backups, prepare a response plan, and prioritize educational training to ensure they are equipped to handle attacks and proceed without disruption," Carder added.
Over the past year, the FBI issued advisories to warn organizations about attacks involving DoppelPaymer, NetWalker and Egregor ransomware.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Cyber Attack Severity Rating System Established in UK (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- All your 8Base are belong to us: Ransomware crew busted in global sting (source)
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)
- US sanctions LockBit ransomware’s bulletproof hosting provider (source)
- UK, US, Oz blast holes in LockBit's bulletproof hosting provider Zservers (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- US lawmakers press Trump admin to oppose UK's order for Apple iCloud backdoor (source)