Researchers Share In-Depth Analysis of PYSA Ransomware Group
2022-04-18 21:52

An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows.

PYSA, short for "Protect Your System, Amigo" and a successor of the Mespinoza ransomware, was first observed in December 2019 and emerged as the third most prevalent ransomware strain detected during the fourth quarter of 2021.

Most of its victims are located in the U.S. and Europe, with the group primarily striking the government, healthcare, and educational sectors.

"The U.S. was the most-impacted country, accounting for 59.2% of all PYSA events reported, followed by the U.K. at 13.1%," Intel 471 noted in an analysis of ransomware attacks recorded from October to December 2021.

"The group is supported by competent developers who apply modern operational paradigms to the group's development cycle," the researcher said.

The findings are yet another indicator that ransomware gangs like PYSA and Conti operate and are organized like legitimate software companies, even including an HR department to recruit new hires and an "Employee of the month" award for tackling challenging problems.


News URL

https://thehackernews.com/2022/04/researchers-share-in-depth-analysis-of.html