Ransomware Gang Targets Government, Finance, and Healthcare Organizations

Pysa ransomware, which became the dominant strain behind file-encrypting attacks last November, with a 400% rise in attacks on government organizations,  is one worth paying attention to, according to NCC Group security company.  With an established presence, Pysa is now targeting more businesses, and researchers are noticing targeting of  finance, government, and healthcare organizations. 

How does Pysa perform its attacks? 

In simple terms, they utilize double extortion to get victims to pay up. They are also known to leak information from victim organizations, as they did when they dumped more than 50 victims’ names onto a leak site. This may not sound like anything out of the norm for a ransomware gang. However, Pysa is a little bit different. Pysa is known for leaking data from targets weeks or months after they extort them. They will typically dump data in a large-scale format, making it more challenging to differentiate targets and track the source of the extortion.

Where are we headed with Pysa?

The numbers are concerning. Pysa attacks increased 50% in November 2021, overtaking Conti and joining Lockbit as the most common type of malware. According to researchers at the NCC Group, Lockbit and Conti had remained the most dominant strains since August 2021.

What else is on the horizon?

Remember that another threat is always on the horizon. It’s worth noting the new threat of the Russian Everest Group ransomware gang. They are making headlines as they expand beyond the typical double extortion strategy. 

The Everest Group is the first ever to offer cybercriminals paid access to victims’ IT infrastructure. hey still release stolen data for a paid ransom. It’s a double extortion scheme and then some. We’ve seen many groups using ransomware-as-a-service, but this strategy is new and scary.

PK Tech Takeaways

1. Continue to prioritize preventative cybersecurity. Understand the value of working with a managed IT services team.
2. There will always be someone or something new on the horizon–stay vigilant. While the Everest Group is the only one using this strategy now, understand that other groups will likely follow suit.

PK Tech supports small to medium-sized businesses in the Greater Phoenix Area. With experience in various industries, preventative cybersecurity is our priority for our clients. If you’re interested in chatting with our team, contact us here.