FBI Warns of Major Spike in Education Attacks

[Cross-posted from the Yet Another Security Blog by Craig Buchanan of Stillwater]

A Flash alert issued on the 16th (link below) warms that PYSA (Mespionoza) Ransomware has been seen in attacks on schools in the US and United Kingdom. The targets are everything from k-12 and higher education, private, public, secular, and seminaries. Additionally, the threat actors have been seen to target government and healthcare entities. 

For those not familiar with PYSA it is known for exfiltrating certain kinds of data prior to encrypting all Windows and Linux endpoints and servers on the network. Threat actors have been known to not only extort victims for the decryption keys but also to not post the data online. It should also be pointed out that some threat actors have also been known to remove the data and encrypt empty folders so once decrypted there actually is no data there.

https://threatpost.com/pysa-ransomware-education-feds-warn/164832/

https://www.bleepingcomputer.com/news/security/fbi-warns-of-escalating-pysa-ransomware-attacks-on-education-orgs/?&web_view=true

Government resources:

https://assets.documentcloud.org/documents/20514564/pysa-ransomware-bc.pdf

For more information, or to comment on this topic, visit Yet Another Security Blog.